View Full Version : Fast Find Answers redirect problem



ascom2010
2011-08-15, 03:09
Hello, I've been getting several redirects to Fast Find Answers every time I use Firefox. I noticed a few similar threads on this so I figured I'd post my problem as well. Any help would be greatly appreciated, thanks in advance.




.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by alle at 20:52:29 on 2011-08-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1209 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alle\application data\mozilla\firefox\profiles\ydgd2gdn.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63717
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110812.030\IDSXpx86.sys [2011-8-13 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110814.003\NAVENG.SYS [2011-8-14 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110814.003\NAVEX15.SYS [2011-8-14 1576312]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-7-11 33800]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2011-08-13 22:40:43 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 22:31:37 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-16 04:04:06 -------- d-----w- c:\documents and settings\alle\local settings\application data\NPE
2011-07-16 01:17:29 0 ---ha-w- c:\documents and settings\alle\dxxbmzjwpm.tmp
.
==================== Find3M ====================
.
2011-08-14 13:34:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-13 22:57:48 4530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:54:08.29 ===============
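As an added example that is not part of this thread (and not a tool from Safer Networking or the analyst), here is a small Python triage script for the DDS log format above. It flags a Firefox HTTP proxy that points back at the local machine (a common cause of browser-wide redirects), add-ons registered with no file on disk, and non-default hosts entries. The sample lines are constructed to mirror the shapes of the log above, and the severity labels are this example's own convention.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of a DDS "Pseudo HJT Report" and FIREFOX section
# (same line shapes as the log in the thread; not a real capture).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63717
FF - prefs.js: network.proxy.type - 4
"""

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$")
ORPHAN = re.compile(r"^(?P<kind>BHO|TB): (?P<rest>.+) - No File$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Firefox network.proxy.type values: 0 none, 1 manual, 2 PAC URL, 4 auto-detect, 5 system.
PROXY_TYPES = {"0": "none", "1": "manual", "2": "PAC", "4": "auto-detect", "5": "system"}


def is_loopback(host: str) -> bool:
    """True for a proxy host that points back at the local machine."""
    h = host.strip().strip('"').lower()
    return h == "localhost" or h == "::1" or h.startswith("127.")


def parse_ff_prefs(lines: List[str]) -> Dict[str, str]:
    """Collect the 'FF - prefs.js: <name> - <value>' lines DDS prints for non-default prefs."""
    prefs: Dict[str, str] = {}
    for line in lines:
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return prefs


def triage(report: str) -> List[Dict[str, str]]:
    """Return findings worth a second look, most serious first."""
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]
    findings: List[Dict[str, str]] = []

    # A manual proxy host on loopback means some local process sits between the
    # browser and the network and can rewrite or redirect every page load.
    prefs = parse_ff_prefs(lines)
    proxy_host = prefs.get("network.proxy.http", "")
    if proxy_host and is_loopback(proxy_host):
        port = prefs.get("network.proxy.http_port", "?")
        ptype = PROXY_TYPES.get(prefs.get("network.proxy.type", ""), "unknown")
        findings.append({
            "severity": "high",
            "item": f"network.proxy.http={proxy_host}:{port} (type={ptype})",
            "reason": "Firefox HTTP proxy points at the local machine; whatever listens "
                      "on that port can redirect or rewrite every page load.",
        })

    for line in lines:
        m = ORPHAN.match(line)
        if m:
            findings.append({
                "severity": "low",
                "item": f"{m.group('kind')}: {m.group('rest')}",
                "reason": "IE add-on registered but its file is missing; usually a leftover "
                          "registration from a removed component and safe to clean.",
            })
            continue
        m = HOSTS.match(line)
        if m and not (m.group("host") == "localhost" and is_loopback(m.group("ip"))):
            findings.append({
                "severity": "medium",
                "item": f"hosts: {m.group('ip')} {m.group('host')}",
                "reason": "Non-default hosts entry; a blocklist (e.g. Spybot immunization) "
                          "looks like this, but so does blocking of security or update sites.",
            })

    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:6}] {f['item']}\n         {f['reason']}")
```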

ken545
2011-08-20, 11:59


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Sorry for the delay but things get a little crazy around here most times.


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please.

ascom2010
2011-08-21, 04:19
Thanks for the response Ken, here are the logs:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:38 on 20/08/2011 (alle)
Firefox version 5.0 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{8545daff-ad1e-493f-a37e-eed1ac79682b} [20:51 20/03/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:47 28/12/2008]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [14:28 23/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [15:39 12/04/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [18:10 31/08/2009]

C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [22:22 24/01/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:39 15/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:45 25/10/2008]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\" [22:03 06/10/2010]

-=E.O.F=-

ascom2010
2011-08-21, 04:21
(I pressed submit on accident a minute ago, no bumping intended)



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7523

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/20/2011 10:06:55 PM
mbam-log-2011-08-20 (22-06-55).txt

Scan type: Quick scan
Objects scanned: 227623
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\active setup\installed components\ViewSonic Explorer V5.3 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






Just a question: Do I delete 'Goored Fix' and the 'Goored Fix Backups' folder? And for MBAM - I deleted the trojans in quarantine too, just letting you know. Thanks in advance!

ken545
2011-08-21, 11:49
Good Morning,

When we're done, we will remove all the tools we will use to clean you up; some you can keep, like Malwarebytes, but just hang on until we're done.


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

ascom2010
2011-08-22, 00:26
Ok, no problem!



OTL logfile created on: 8/21/2011 6:09:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\alle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 73.87% Memory free
2.44 Gb Paging File | 2.04 Gb Available in Paging File | 83.43% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.42 Gb Total Space | 49.14 Gb Free Space | 67.85% Space Free | Partition Type: NTFS

Computer Name: WINXP_HOME | User Name: alle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\alle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110819.030\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\windows\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (viaagp1) -- C:\windows\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63717
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/17 10:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 11:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 09:10:57 | 000,000,000 | ---D | M]

[2008/12/28 14:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alle\Application Data\Mozilla\Extensions
[2011/08/20 21:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions
[2011/01/24 18:22:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/21 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/20 16:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
File not found (No name found) --
[2011/08/17 10:11:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YDGD2GDN.DEFAULT\EXTENSIONS\{D364076C-3592-462F-8238-10667957D069}
[2011/06/28 11:39:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/21 21:59:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/14 20:05:08 | 000,435,637 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15020 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220280676984 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3151372477-303091292-839091910-1006 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/11 05:11:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 18:03:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alle\Desktop\OTL.exe
[2011/08/20 21:49:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/08/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/20 21:49:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/08/20 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/20 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alle\Desktop\GooredFix Backups
[2011/08/20 21:36:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\alle\Desktop\GooredFix.exe
[2011/08/20 21:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2011/08/15 16:26:14 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\alle\Desktop\NPE.exe
[2011/08/13 18:40:43 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
[2011/08/13 18:31:37 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
[9 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\alle\Desktop\*.tmp files -> C:\Documents and Settings\alle\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\alle\*.tmp files -> C:\Documents and Settings\alle\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 18:03:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alle\Desktop\OTL.exe
[2011/08/21 17:39:58 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/20 21:49:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/20 21:36:01 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\alle\Desktop\GooredFix.exe
[2011/08/20 21:15:33 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/08/15 16:26:14 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\alle\Desktop\NPE.exe
[2011/08/14 20:05:08 | 000,435,637 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/08/14 09:34:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/08/14 00:31:47 | 000,000,026 | ---- | M] () -- C:\windows\ulead32.ini
[2011/08/13 18:53:50 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2011/07/29 16:47:15 | 000,000,082 | ---- | M] () -- C:\windows\System32\316413642
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[9 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\alle\Desktop\*.tmp files -> C:\Documents and Settings\alle\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\alle\*.tmp files -> C:\Documents and Settings\alle\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/20 21:49:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 17:56:32 | 000,002,940 | ---- | C] () -- C:\Documents and Settings\alle\Application Data\5E76.86D
[2010/12/07 15:20:56 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/11/09 19:52:27 | 000,032,396 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/10/05 17:55:35 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/04/02 00:29:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\PUTTY.RND
[2008/12/28 14:48:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/04/06 13:22:33 | 000,000,026 | ---- | C] () -- C:\windows\ulead32.ini
[2008/04/04 15:11:38 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007/09/01 20:52:51 | 000,000,288 | ---- | C] () -- C:\windows\ODBC.INI
[2006/12/11 17:27:43 | 000,000,047 | ---- | C] () -- C:\windows\JMAN.INI
[2006/12/11 17:23:49 | 000,000,072 | ---- | C] () -- C:\windows\filog.ini
[2006/10/16 14:38:05 | 000,000,004 | ---- | C] () -- C:\windows\System32\proc1395793746.bin
[2006/07/19 17:42:57 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/19 18:55:03 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2006/04/11 21:35:32 | 000,000,000 | ---- | C] () -- C:\windows\QuickInstall.INI
[2006/03/13 18:23:38 | 000,000,038 | ---- | C] () -- C:\windows\TLTitleData.ini
[2006/02/10 19:49:52 | 000,286,720 | ---- | C] () -- C:\windows\System32\sndp2022.dll
[2006/02/10 19:49:52 | 000,229,376 | ---- | C] () -- C:\windows\System32\sndp2023.dll
[2006/02/10 19:49:52 | 000,224,640 | ---- | C] () -- C:\windows\System32\drivers\sndp202.sys
[2006/02/10 19:49:52 | 000,045,056 | ---- | C] () -- C:\windows\System32\dsndp202.dll
[2006/02/10 19:49:52 | 000,015,581 | ---- | C] () -- C:\windows\sndp202.ini
[2006/02/10 19:49:44 | 000,036,864 | ---- | C] () -- C:\windows\System32\vsndp202.dll
[2006/02/10 19:49:44 | 000,020,480 | ---- | C] () -- C:\windows\dsndp202.exe
[2006/02/10 19:47:36 | 000,000,071 | ---- | C] () -- C:\windows\pex.INI
[2006/01/20 23:31:04 | 000,000,004 | ---- | C] () -- C:\windows\System32\msvcf5bf.sys
[2005/12/19 15:50:04 | 000,000,017 | ---- | C] () -- C:\windows\Missing.ini
[2005/12/13 21:10:59 | 000,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
[2005/12/13 20:54:39 | 000,079,674 | ---- | C] () -- C:\windows\hpfins05.dat
[2005/12/13 20:54:39 | 000,001,350 | ---- | C] () -- C:\windows\hpfmdl05.dat
[2005/12/09 22:08:40 | 000,001,087 | ---- | C] () -- C:\windows\eReg.dat
[2005/12/09 21:12:44 | 000,000,112 | ---- | C] () -- C:\windows\ActiveSkin.INI
[2005/12/09 20:51:26 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2005/12/09 20:49:25 | 000,000,345 | ---- | C] () -- C:\windows\hegames.ini
[2005/09/07 11:08:06 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2005/09/07 11:07:49 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2005/09/07 11:07:49 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2005/09/07 11:07:31 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2005/09/07 11:06:56 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2005/09/07 11:06:55 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2005/09/07 11:05:32 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2005/09/07 11:04:57 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2005/07/22 00:17:22 | 000,036,864 | ---- | C] () -- C:\windows\System32\UnAudioNT.dll
[2005/07/20 23:55:20 | 000,000,060 | ---- | C] () -- C:\windows\System32\SYSDRV.DAT
[2005/06/11 09:24:49 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/06/11 05:17:58 | 000,000,164 | ---- | C] () -- C:\windows\avrack.ini
[2005/06/11 05:17:56 | 000,155,648 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2005/06/11 05:16:15 | 000,003,359 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2005/06/11 05:16:14 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2005/06/11 05:13:36 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2005/06/11 05:09:48 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2005/06/11 01:01:57 | 000,004,346 | ---- | C] () -- C:\windows\ODBCINST.INI
[2005/06/11 01:01:00 | 000,167,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\windows\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\windows\System32\hpzids01.dll
[2005/01/13 18:19:23 | 000,000,436 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2002/04/20 18:03:52 | 000,004,514 | ---- | C] () -- C:\windows\System32\oembios.dat
[2002/04/20 18:03:48 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin

========== LOP Check ==========

[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WINXP_HOME\Application Data\SampleView
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WINXP_HOME\Application Data\Simple Star
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WINXP_HOME\Application Data\Snapfish
[2009/04/03 19:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2006/03/21 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2007/11/19 20:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/08/20 21:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2008/10/10 17:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/03/21 20:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2006/02/09 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/25 13:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/09 19:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/03 22:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/03/12 14:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Aim
[2007/07/11 19:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Azureus
[2008/08/11 19:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Dev-Cpp
[2007/04/28 16:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\GanymedeNet
[2007/11/24 10:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\GetRightToGo
[2006/02/26 11:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Image Zone Express
[2005/12/09 21:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Leadertech
[2011/07/01 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\MSNInstaller
[2007/03/29 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Opera
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\SampleView
[2009/11/30 19:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\SecondLife
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Simple Star
[2007/01/01 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Snapfish
[2009/04/01 19:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\TeamViewer
[2011/04/11 12:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Tific
[2006/02/10 19:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alle\Application Data\Ulead Systems
[2008/03/16 11:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\acccore
[2006/12/03 18:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\MSNInstaller
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\SampleView
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Simple Star
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Snapfish
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Simple Star
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Snapfish
[2005/07/20 20:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2002/02/15 09:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2002/02/15 09:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/05/03 14:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sylve\Application Data\Image Zone Express
[2007/06/09 08:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sylve\Application Data\MSNInstaller
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sylve\Application Data\SampleView
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sylve\Application Data\Simple Star
[2005/09/15 05:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sylve\Application Data\Snapfish

========== Purity Check ==========



< End of report >

ascom2010
2011-08-22, 00:27
OTL Extras logfile created on: 8/21/2011 6:09:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\alle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 73.87% Memory free
2.44 Gb Paging File | 2.04 Gb Available in Paging File | 83.43% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.42 Gb Total Space | 49.14 Gb Free Space | 67.85% Space Free | Partition Type: NTFS

Computer Name: WINXP_HOME | User Name: alle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Documents and Settings\alle\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\alle\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\Documents and Settings\alle\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\alle\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Disabled:SLVoice


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 15
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Visual C++ 2005 CRT Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E85397AD-D60E-4141-82E6-FAA312A09271}" = Concord Camera Eye-Q 1200x
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NAV" = Norton AntiVirus
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S3" = UniChromeII Graphics Driver and Utilities
"Shockwave" = Shockwave
"Verizon Online DSL_is1" = Verizon Online DSL
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2011 11:42:27 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 11:42:30 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 6/21/2011 11:42:30 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

Error - 7/17/2011 8:49:10 PM | Computer Name = WINXP_HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 7/17/2011 8:49:16 PM | Computer Name = WINXP_HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/8/2011 7:18:44 PM | Computer Name = WINXP_HOME | Source = Application Hang | ID = 1002
Description = Hanging application msn.exe, version 10.0.79.2600, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/13/2011 6:57:43 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 8/13/2011 6:57:46 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 8/13/2011 6:57:48 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 8/13/2011 6:57:48 PM | Computer Name = WINXP_HOME | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 8/20/2011 9:24:55 PM | Computer Name = WINXP_HOME | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 8/20/2011 9:24:58 PM | Computer Name = WINXP_HOME | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/20/2011 9:43:02 PM | Computer Name = WINXP_HOME | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/20/2011 9:43:02 PM | Computer Name = WINXP_HOME | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/20/2011 10:15:08 PM | Computer Name = WINXP_HOME | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/20/2011 10:15:08 PM | Computer Name = WINXP_HOME | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/21/2011 5:44:09 PM | Computer Name = WINXP_HOME | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/21/2011 5:44:09 PM | Computer Name = WINXP_HOME | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/21/2011 5:45:00 PM | Computer Name = WINXP_HOME | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 8/21/2011 5:45:03 PM | Computer Name = WINXP_HOME | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

ken545
2011-08-22, 10:18
Good Morning,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
FF - prefs.js..network.proxy.http_port: 63717
[2011/08/20 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alle\Desktop\GooredFix Backups
[2011/08/20 21:36:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\alle\Desktop\GooredFix.exe


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

ascom2010
2011-08-22, 16:20
Good morning Ken, I encountered a small problem while running the OTL fix - an error message popped up saying:

"Cannot create file C:\Windows\System32\drivers\etc\hosts"

This was during the part when OTL was resetting the hosts, but it seemed to just stop after the error message. I waited 20 minutes before restarting the computer because it seemed to just pause. After restarting, this popped up (in Notepad):



Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups\C scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\alle\Desktop\GooredFix Backups scheduled to be moved on reboot.
C:\windows\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...





Do you suggest we re-do this step? Let me also note that:
- Minimal output was already chosen under "Output"
- Scan All Users was unchecked already before the scan
- LOP and Purity were unchecked automatically too.

ken545
2011-08-22, 18:18
Hi, Tashi forwarded me your PM regarding the hosts file. As you were getting redirected, it's possible that the hosts file was infected, and we tried to get OTL to replace the current one with a clean copy. Actually, the sex links entry along with the rest point to Hosts: 127.0.0.1, which is your own computer; it's safe. Most likely you had Spybot enter them in the hosts file for safety. But being redirected, we just wanted to replace them all to flush out any baddies that may be in there.

Do this first...Important

Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect

Please do not proceed until the TeaTimer is disabled


Then run this fix with OTL again

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

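The two redirect vectors the fixes in this thread go after, the Firefox prefs.js entry that pushes HTTP through a proxy on 127.0.0.1:63717 (the line removed in the first OTL fix) and a hosts file that may hold attacker-planted mappings alongside the harmless 127.0.0.1 blocklist entries that Spybot adds (the point explained in the post above), can be triaged by hand before resetting anything. The script below is an added example for that triage; it is not part of this thread and not OTL's own logic. The hosts file and prefs.js contents it parses are constructed samples, and the list of "sensitive" hostname fragments and the 198.51.100.x / 203.0.113.x addresses are assumptions chosen for illustration.

```python
"""
Triage helper for the two redirect vectors discussed in the thread:
  1. a Windows hosts file with possible attacker-planted entries, and
  2. a Firefox prefs.js that forces traffic through a loopback proxy
     (network.proxy.http = "127.0.0.1", network.proxy.http_port = 63717).
Added example, not code from the thread or from OTL. Sample inputs are constructed.
"""
import re
from ipaddress import ip_address

# Addresses that blocklists (e.g. Spybot's hosts immunization) use to sinkhole unwanted domains.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Hostname fragments an attacker-planted hosts entry would typically target.
# Assumption for this example; extend it for the environment being triaged.
SENSITIVE = ("google.", "bing.", "yahoo.", "windowsupdate.",
             "update.microsoft.", "symantec.", "norton.", "spybot.", "malwarebytes.")

# Constructed sample hosts file (not the poster's real file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1\twww.example-adserver.com
0.0.0.0\ttracker.example.net
# constructed hijack entries: search and update domains sent to an outside host
198.51.100.23\twww.google.com google.com
198.51.100.23\tupdate.microsoft.com
203.0.113.9\tintranet.example.com
"""

# Constructed prefs.js fragment mirroring the kind of entries OTL listed in the thread.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 63717);
user_pref("network.proxy.type", 1);
user_pref("extensions.enabledItems", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0");
"""


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for each mapping; comments and malformed lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ip_address(parts[0]))
        except ValueError:
            continue  # first token is not an address: leave the line for manual review
        for host in parts[1:]:
            yield ip, host.lower(), lineno


def classify_hosts(text):
    """Split hosts entries into loopback (blocklist-style, benign), hijack
    (a sensitive hostname mapped to a real address) and other (review by hand)."""
    report = {"loopback": [], "hijack": [], "other": []}
    for ip, host, lineno in parse_hosts(text):
        if ip in LOOPBACK:
            bucket = "loopback"
        elif any(frag in host for frag in SENSITIVE):
            bucket = "hijack"
        else:
            bucket = "other"
        report[bucket].append((lineno, ip, host))
    return report


PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


def parse_prefs(text):
    """Parse user_pref(...) lines from prefs.js into a dict of str/int/bool values."""
    prefs = {}
    for raw in text.splitlines():
        m = PREF_RE.match(raw.strip())
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            prefs[key] = val[1:-1]
        elif val in ("true", "false"):
            prefs[key] = val == "true"
        else:
            try:
                prefs[key] = int(val)
            except ValueError:
                prefs[key] = val
    return prefs


def local_proxy_findings(prefs):
    """Report Firefox proxy settings that route traffic back into the local machine.
    A loopback proxy is legitimate only when the user knowingly runs one
    (an AV web filter, a debugging proxy); otherwise it is a redirect/injection point."""
    findings = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host in LOCAL_HOSTS and port:
            findings.append(f"network.proxy.{scheme} -> {host}:{port}")
    # type 1 = manual proxy; with any other value Firefox ignores the host/port prefs,
    # but the entries are still a leftover worth removing.
    if findings and prefs.get("network.proxy.type") != 1:
        findings.append("network.proxy.type is not 1 (manual): proxy prefs present but not active")
    return findings


def triage(hosts_text, prefs_text):
    """Combine both checks into one report."""
    hosts = classify_hosts(hosts_text)
    proxy = local_proxy_findings(parse_prefs(prefs_text))
    return {"hosts": hosts, "proxy": proxy, "suspicious": bool(hosts["hijack"] or proxy)}


if __name__ == "__main__":
    result = triage(SAMPLE_HOSTS, SAMPLE_PREFS)
    for lineno, ip, host in result["hosts"]["hijack"]:
        print(f"hosts line {lineno}: {host} -> {ip}  (HIJACK)")
    for lineno, ip, host in result["hosts"]["other"]:
        print(f"hosts line {lineno}: {host} -> {ip}  (review)")
    for finding in result["proxy"]:
        print("prefs.js:", finding)
    print("loopback/blocklist entries (benign):", len(result["hosts"]["loopback"]))
```

On the XP system in this thread the real inputs would be %SystemRoot%\system32\drivers\etc\hosts and the prefs.js in the Firefox profile folder; read them with a file open and pass the text to triage(). The split into loopback versus hijack is exactly why a wall of 127.0.0.1 lines is not by itself a sign of infection, and the network.proxy.type caveat matters because a loopback proxy entry only redirects traffic when manual proxy mode is selected.
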
ascom2010
2011-08-22, 18:53
Ah, OK, thanks for clearing that up! TeaTimer was already disabled, but I went through the steps just to make sure, and it was already unchecked. Here's the OTL fix log before I run OTL again:




All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WINXP_HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: alle
->Temp folder emptied: 7405568 bytes
->Temporary Internet Files folder emptied: 99464611 bytes
->Java cache emptied: 33374934 bytes
->FireFox cache emptied: 60650508 bytes
->Flash cache emptied: 36453 bytes

User: charles
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1015 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: sylve
->Temp folder emptied: 3804114 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 19432305 bytes
->FireFox cache emptied: 4773184 bytes
->Flash cache emptied: 53196 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2240559 bytes
%systemroot%\System32 .tmp files removed: 8561603 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 135715242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 358.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08222011_123937

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\Perflib_Perfdata_5e0.dat not found!

Registry entries deleted on Reboot...

ken545
2011-08-22, 18:55
:bigthumb:

Go ahead and run a new scan with OTL and post the log

ascom2010
2011-08-22, 19:09
OTL logfile created on: 8/22/2011 12:57:27 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\alle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 73.38% Memory free
2.44 Gb Paging File | 2.01 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.42 Gb Total Space | 49.49 Gb Free Space | 68.33% Space Free | Partition Type: NTFS

Computer Name: WINXP_HOME | User Name: alle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\alle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110819.030\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\windows\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (viaagp1) -- C:\windows\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/17 10:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 11:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 09:10:57 | 000,000,000 | ---D | M]

[2008/12/28 14:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alle\Application Data\Mozilla\Extensions
[2011/08/20 21:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions
[2011/01/24 18:22:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/21 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/20 16:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
File not found (No name found) --
[2011/08/17 10:11:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YDGD2GDN.DEFAULT\EXTENSIONS\{D364076C-3592-462F-8238-10667957D069}
[2011/06/28 11:39:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/21 21:59:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/22 12:39:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220280676984 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3151372477-303091292-839091910-1006 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/11 05:11:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/22 09:31:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/21 18:03:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alle\Desktop\OTL.exe
[2011/08/20 21:49:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/08/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/20 21:49:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/08/20 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/20 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alle\Desktop\GooredFix Backups
[2011/08/20 21:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2011/08/15 16:26:14 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\alle\Desktop\NPE.exe
[2011/08/13 18:40:43 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
[2011/08/13 18:31:37 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
[1 C:\Documents and Settings\alle\Desktop\*.tmp files -> C:\Documents and Settings\alle\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\alle\*.tmp files -> C:\Documents and Settings\alle\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/22 12:41:30 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/22 12:39:38 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/08/21 21:29:26 | 000,000,026 | ---- | M] () -- C:\windows\ulead32.ini
[2011/08/21 18:03:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alle\Desktop\OTL.exe
[2011/08/20 21:49:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/20 21:15:33 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/08/15 16:26:14 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\alle\Desktop\NPE.exe
[2011/08/14 09:34:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/08/13 18:53:50 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2011/07/29 16:47:15 | 000,000,082 | ---- | M] () -- C:\windows\System32\316413642
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[1 C:\Documents and Settings\alle\Desktop\*.tmp files -> C:\Documents and Settings\alle\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\alle\*.tmp files -> C:\Documents and Settings\alle\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/20 21:49:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 17:56:32 | 000,002,940 | ---- | C] () -- C:\Documents and Settings\alle\Application Data\5E76.86D
[2010/12/07 15:20:56 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/11/09 19:52:27 | 000,032,396 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/10/05 17:55:35 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/04/02 00:29:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\PUTTY.RND
[2008/12/28 14:48:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/04/06 13:22:33 | 000,000,026 | ---- | C] () -- C:\windows\ulead32.ini
[2008/04/04 15:11:38 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007/09/01 20:52:51 | 000,000,288 | ---- | C] () -- C:\windows\ODBC.INI
[2006/12/11 17:27:43 | 000,000,047 | ---- | C] () -- C:\windows\JMAN.INI
[2006/12/11 17:23:49 | 000,000,072 | ---- | C] () -- C:\windows\filog.ini
[2006/10/16 14:38:05 | 000,000,004 | ---- | C] () -- C:\windows\System32\proc1395793746.bin
[2006/07/19 17:42:57 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/19 18:55:03 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2006/04/11 21:35:32 | 000,000,000 | ---- | C] () -- C:\windows\QuickInstall.INI
[2006/03/13 18:23:38 | 000,000,038 | ---- | C] () -- C:\windows\TLTitleData.ini
[2006/02/10 19:49:52 | 000,286,720 | ---- | C] () -- C:\windows\System32\sndp2022.dll
[2006/02/10 19:49:52 | 000,229,376 | ---- | C] () -- C:\windows\System32\sndp2023.dll
[2006/02/10 19:49:52 | 000,224,640 | ---- | C] () -- C:\windows\System32\drivers\sndp202.sys
[2006/02/10 19:49:52 | 000,045,056 | ---- | C] () -- C:\windows\System32\dsndp202.dll
[2006/02/10 19:49:52 | 000,015,581 | ---- | C] () -- C:\windows\sndp202.ini
[2006/02/10 19:49:44 | 000,036,864 | ---- | C] () -- C:\windows\System32\vsndp202.dll
[2006/02/10 19:49:44 | 000,020,480 | ---- | C] () -- C:\windows\dsndp202.exe
[2006/02/10 19:47:36 | 000,000,071 | ---- | C] () -- C:\windows\pex.INI
[2006/01/20 23:31:04 | 000,000,004 | ---- | C] () -- C:\windows\System32\msvcf5bf.sys
[2005/12/19 15:50:04 | 000,000,017 | ---- | C] () -- C:\windows\Missing.ini
[2005/12/13 21:10:59 | 000,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
[2005/12/13 20:54:39 | 000,079,674 | ---- | C] () -- C:\windows\hpfins05.dat
[2005/12/13 20:54:39 | 000,001,350 | ---- | C] () -- C:\windows\hpfmdl05.dat
[2005/12/09 22:08:40 | 000,001,087 | ---- | C] () -- C:\windows\eReg.dat
[2005/12/09 21:12:44 | 000,000,112 | ---- | C] () -- C:\windows\ActiveSkin.INI
[2005/12/09 20:51:26 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2005/12/09 20:49:25 | 000,000,345 | ---- | C] () -- C:\windows\hegames.ini
[2005/09/07 11:08:06 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2005/09/07 11:07:49 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2005/09/07 11:07:49 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2005/09/07 11:07:31 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2005/09/07 11:06:56 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2005/09/07 11:06:55 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2005/09/07 11:05:32 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2005/09/07 11:04:57 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2005/07/22 00:17:22 | 000,036,864 | ---- | C] () -- C:\windows\System32\UnAudioNT.dll
[2005/07/20 23:55:20 | 000,000,060 | ---- | C] () -- C:\windows\System32\SYSDRV.DAT
[2005/06/11 09:24:49 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/06/11 05:17:58 | 000,000,164 | ---- | C] () -- C:\windows\avrack.ini
[2005/06/11 05:17:56 | 000,155,648 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2005/06/11 05:16:15 | 000,003,359 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2005/06/11 05:16:14 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2005/06/11 05:13:36 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2005/06/11 05:09:48 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2005/06/11 01:01:57 | 000,004,346 | ---- | C] () -- C:\windows\ODBCINST.INI
[2005/06/11 01:01:00 | 000,167,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\windows\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\windows\System32\hpzids01.dll
[2005/01/13 18:19:23 | 000,000,436 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2002/04/20 18:03:52 | 000,004,514 | ---- | C] () -- C:\windows\System32\oembios.dat
[2002/04/20 18:03:48 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin

< End of report >

ken545
2011-08-22, 19:23
I am going to look over your log in a bit, at work and don't know how much longer I will have internet access, may not get back to you until late afternoon.

In the meantime, see if this makes sense to you

Hosts file info

This address is just made up to show you how it works. All web pages are assigned an address. So when you enter bobshoes.com in your address bar, Windows converts it to the numbers. Why? As humans it's easier to tell someone you went online and bought those shoes at Bob's Shoes rather than tell them you got them at 126.117.214.165.

Let's say goodsite.com is assigned the IP address 146.214.123.214. Every time you enter goodsite.com in your address bar, Windows converts it to 146.214.123.214, goes out and finds it, and the page loads. What happens is sometimes malware infects the hosts file and changes those numbers.

Example

goodsite.com - 146.214.123.214 <-- Remember this is made up but let's say it's legit

Malware can do this:
goodsite.com - 277.213.124.215 <-- converted the number to their own malware site

So when you enter goodsite.com it takes you to their malware site instead of goodsite, where you wanted to go.

Your log shows entries for sexlinks with a number of 127.0.0.1 <-- This was put there by Spybot so that if you should wander into sexlinks.com it will take you to your own computer; when it can't find the website it just goes away. It's another layer of protection.

Hang in, be back as soon as I can
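
The hosts-file behaviour described in the post above, as an added example that is not part of the original thread: a small Python audit that parses a hosts file and separates harmless loopback entries (localhost, and Spybot-style immunization lines that point a name at 127.0.0.1 or 0.0.0.0) from entries that map a name to some other address, which is the redirect pattern malware uses. It also flags strings that are not valid addresses at all. The sample hosts content, the example hostnames and the addresses are constructed for this example; only the two localhost lines mirror the log in this thread.

```python
"""Audit a hosts file: loopback sink-holes are fine, real-address entries need a look."""
import ipaddress
from typing import Dict, List, Tuple

# One parsed entry: (line number, address string, [hostnames]).
Entry = Tuple[int, str, List[str]]

# Addresses that send a name to the local machine, where nothing answers.
# This is what Spybot's immunization does and what a hijack never wants.
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}

# Names a stock Windows or Unix hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Entry]:
    """Return every active entry, skipping comments, blank and malformed lines."""
    entries: List[Entry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # address with no hostname
        entries.append((line_no, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def classify(address: str, hostnames: List[str]) -> str:
    """Return 'local', 'sinkhole', 'invalid' or 'redirect' for one entry."""
    try:
        ipaddress.ip_address(address)
    except ValueError:
        return "invalid"     # e.g. an octet above 255 is not an address at all
    if address in SINKHOLE:
        if all(h in LOCAL_NAMES for h in hostnames):
            return "local"
        return "sinkhole"    # name deliberately pointed at this machine
    return "redirect"        # DNS bypassed with a real address: verify it


def audit_hosts(text: str) -> Dict[str, List[Entry]]:
    """Group entries by class; the 'redirect' and 'invalid' buckets are the ones to review."""
    report: Dict[str, List[Entry]] = {"local": [], "sinkhole": [], "redirect": [], "invalid": []}
    for line_no, address, hostnames in parse_hosts(text):
        report[classify(address, hostnames)].append((line_no, address, hostnames))
    return report


# Constructed sample. Lines 2 and 3 are the two entries from the thread's log;
# every other hostname and address here is hypothetical.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.sexlinks-example.test    # Spybot-style immunization
0.0.0.0         ads.tracker-example.test
146.214.123.214 goodsite-example.test        # redirect pattern: check against DNS
277.213.124.215 broken-example.test          # not a valid IPv4 address
"""

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, address, names in items:
            print(f"{kind:8} line {line_no}: {address} -> {', '.join(names)}")
```

To run it against a real machine, read the file named in the OTL log (C:\WINDOWS\system32\drivers\etc\hosts on Windows, /etc/hosts elsewhere) and pass its text to audit_hosts. A "redirect" entry is not automatically malicious (intranet names are often pinned this way), so compare each one against what public DNS returns before deleting it.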

ascom2010
2011-08-22, 19:33
It all makes sense now, Spybot works wonders! It's interesting to see that it managed to change the numbers in the hosts file to my computer in order to prevent more redirects. Thanks for the explanation, I would've never thought of it!

ken545
2011-08-22, 22:39
Looks fine. Any redirects or unwanted popup windows?

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

ascom2010
2011-08-23, 01:43
No problems so far! Just a question: Does it matter if I download the Windows x64 or x86 version? How do I find out which one is mine? Thanks in advance!

(From here: http://www.oracle.com/technetwork/java/javase/downloads/java-se-jre-7-download-432155.html )

ken545
2011-08-23, 02:58
Your system is 32 bit so you need the x86 version

ascom2010
2011-08-23, 06:10
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f6c2c02d4f72cc45969ed05f52e9d2ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-23 03:57:17
# local_time=2011-08-22 11:57:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 76310441 76310441 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79645
# found=3
# cleaned=3
# scan_time=3634
C:\Documents and Settings\sylve\Application Data\Mozilla\Firefox\Profiles\6zpdq4fl.default\extensions\{d364076c-3592-462f-8238-10667957d069}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Downloaded Program Files\vzbb.dll.old Win32/Adware.MegaSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08222011_093107\C_Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Just some additional info: I downloaded the online version of the x86 (there was a choice between online and offline on that link above so I went for online). Also: At the end of the ESET scan, I had both "Uninstall application on close" and "Delete quarantined files" checked - but if we need to use it again, I'll get it again.

ken545
2011-08-23, 10:09
Looks like you're good to go.

Malwarebytes is the free version and yours to keep. The pro version offers a protection module that will block access to known bad sites; the cost is minimal, I believe around $25, a one-time fee, not yearly, but this of course is up to you.

Any tools we used that OTL does not remove, you can just drag them to the trash

Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.

How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken

ascom2010
2011-08-23, 17:35
Thanks for all the help, Ken! :bigthumb: I really appreciate it :police:

I deleted all the past restore points and created a new one as a test like on the tutorial so I'm all set! Have a good day!

ken545
2011-08-23, 18:07
You're very welcome,

Take care

ken545
2011-08-25, 13:10
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.