Welcome to MalwareRemoval.com,
Hijacked Browser

Post by 96halx » October 2nd, 2010, 6:23 pm

Not completely sure what happened. I did a search on Google and was right-clicking on some of the pages to open them in a new tab (3 different pages), and all three were redirected to ad-type sites.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:20 PM, on 10/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
D:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {078FD650-12C7-4244-BF43-B69F11575817} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {250AEAEE-7055-A78B-FB34-5A2305D9616F} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: 80fc4f63985 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4680 bytes



Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Belkin Wireless G Plus MIMO Notebook Card
Bonjour
Broadcom 440x 10/100 Integrated Controller
CCleaner
C-Major Audio
Conexant D110 MDC V.92 Modem
Defraggler
File Shredder 2.0
Glary Utilities 2.27.0.982
Google SketchUp 7
HiJackThis
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
OOo-dev 3.3
QuickTime
Security Update for Windows XP (KB923789)
Serious Samurize
Skype Toolbars
Skype™ 4.2
Speccy
Spybot - Search & Destroy
Unlocker 1.9.0
Windows XP Service Pack 3
XP Smoker Free Edition 5.7
96halx
Active Member
 
Posts: 5
Joined: October 2nd, 2010, 6:16 pm
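As an added example (not code from this thread, from MalwareRemoval.com, or from HijackThis itself), the Python script below parses the entry lines of a HijackThis v2 log like the one above and flags the entry types a helper looks at first: orphaned BHOs, a populated AppInit_DLLs value, a broken Winlogon Notify entry, and Run entries launching from a user-writable path. The embedded sample log copies lines from the log above and adds one constructed O4 line (the `[updater]` entry) so the last rule has something to fire on.

```python
"""Triage helper for HijackThis v2 log entry lines.

Added example for this thread; it is not code from MalwareRemoval.com
or from HijackThis itself.  It parses the "Rx - " / "Oxx - " entry lines
and flags the entry types a helper usually looks at first.
"""
import re
from dataclasses import dataclass

# Entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...".  Process
# paths, the header and the "End of file" footer do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")

# O4 body: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Autoruns that launch from a location a standard user can write to.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)

# Sample log: lines copied from the HijackThis log posted above, plus one
# constructed O4 line ([updater]) so the user-writable-path rule fires.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {078FD650-12C7-4244-BF43-B69F11575817} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {250AEAEE-7055-A78B-FB34-5A2305D9616F} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\96halx\Application Data\updater.exe
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: 80fc4f63985 - Invalid registry found
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
--
End of file - 4680 bytes
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why a helper would look at this entry
    line: str    # the raw log line


def parse_entries(log_text):
    """Return (code, body, raw_line) for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group("code"), m.group("body"), raw))
    return entries


def triage(log_text):
    """Apply the review rules and return the findings in log order."""
    findings = []
    for code, body, raw in parse_entries(log_text):
        if code == "O2" and body.startswith("BHO:") and body.endswith("(no file)"):
            findings.append(Finding(code, "orphaned BHO: CLSID registered but no DLL on disk", raw))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and any(loc in m.group("cmd").lower() for loc in USER_WRITABLE):
                findings.append(Finding(code, f"Run entry [{m.group('name')}] launches from a user-writable path", raw))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.partition(":")[2].strip()
            if value:  # an empty AppInit_DLLs value is the normal state
                findings.append(Finding(code, f"AppInit_DLLs loads {value} into every process that uses user32.dll", raw))
        elif code == "O20" and body.startswith("Winlogon Notify:") and "Invalid registry found" in body:
            findings.append(Finding(code, "Winlogon Notify entry points at an invalid registry value", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Entries that match nothing (the Adobe and Skype BHOs, the avast! service, the ProxyOverride line) are left alone; the rules only surface what deserves a second look, not a verdict.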

Re: Hijacked Browser

Post by askey127 » October 4th, 2010, 9:59 am

Hi 96halx,
-----------------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply.
---------------------------------------------
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box.
    Code:
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from MGADiag, and the two logs from OTL.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacked Browser

Post by 96halx » October 4th, 2010, 12:28 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-PKKT3-24BHQ-YTC7M
Windows Product Key Hash: NCfImBr8PjSPKFg/Z3cpekUWDhY=
Windows Product ID: 76477-OEM-2161254-82944
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {5F94D30F-367A-48E5-AB38-53E6D6950BCA}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5F94D30F-367A-48E5-AB38-53E6D6950BCA}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YTC7M</PKey><PID>76477-OEM-2161254-82944</PID><PIDType>3</PIDType><SID>S-1-5-21-1844237615-220523388-725345543</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 6000 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20050112000000.000000+000</Date></BIOS><HWID>B4AD3107018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 183F2:Dell Inc|183F2:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


OTL logfile created on: 10/4/2010 12:21:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\96halx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.58 Gb Total Space | 8.97 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 14.55 Gb Free Space | 73.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEANS
Current User Name: 96halx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\desktop\OTL.exe
PRC - [2010/09/22 11:19:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/22 11:19:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/15 00:04:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/29 20:43:25 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/26 23:39:08 | 000,352,768 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/06/18 02:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/03/02 13:47:54 | 000,015,872 | ---- | M] (Gemtek Technology Co.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Belkin\F5D9010\BKNDIS5.sys -- (BKNDIS5)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 D6 8F 07 C7 12 44 42 BF 43 B6 9F 11 57 58 17 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b422f337-27e5-4d5c-bb07-c189e7e7d7f2}:0.4.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {aa5aa470-3262-4e71-b05a-1d58dca19682}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/03 11:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/03 11:36:11 | 000,000,000 | ---D | M]

[2010/07/01 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Mozilla\Extensions
[2010/07/01 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/03 14:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions
[2010/07/01 16:14:34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/17 17:02:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\{aa5aa470-3262-4e71-b05a-1d58dca19682}
[2010/07/17 16:31:08 | 000,000,000 | ---D | M] (WataCrackaz AutoSMS) -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}
[2010/10/03 14:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 18:02:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/19 02:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/19 02:12:16 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/17 23:18:09 | 000,416,619 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (no name) - {078FD650-12C7-4244-BF43-B69F11575817} - No CLSID value found.
O2 - BHO: (no name) - {250AEAEE-7055-A78B-FB34-5A2305D9616F} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.226.32.9 137.118.1.32
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\80fc4f63985: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\96halx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\96halx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 19:59:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 12:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/10/04 12:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/04 12:16:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\96halx\Desktop\OTL.exe
[2010/10/04 12:13:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\96halx\Recent
[2010/10/01 15:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/01 15:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/01 15:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/23 23:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\Audacity
[2010/09/05 19:38:35 | 000,262,144 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbaListView6.ocx
[2010/09/05 19:38:35 | 000,245,760 | ---- | C] (LansSoft Studio) -- C:\WINDOWS\System32\aUpdateNow.ocx
[2010/09/05 19:38:35 | 000,065,536 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalProgBar6.ocx
[2010/09/05 19:38:35 | 000,053,248 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2010/09/05 19:38:35 | 000,049,152 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalAVI6.ocx
[2010/09/05 19:38:35 | 000,032,768 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\ServiceRepair.exe
[2010/09/05 19:38:34 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2010/09/05 19:38:34 | 000,094,208 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalIml6.ocx
[2010/09/05 19:38:33 | 000,061,440 | ---- | C] (MKC Computers) -- C:\WINDOWS\System32\mkcHyperlink.ocx
[2010/09/05 19:38:33 | 000,032,768 | ---- | C] (Sanx Consulting) -- C:\WINDOWS\System32\svcmgr.ocx
[2010/08/19 02:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/19 02:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
[2010/08/19 02:20:34 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll
[2010/08/19 02:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\OOo-dev
[2010/08/19 02:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\OOo-dev 3
[2010/08/19 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/19 02:12:32 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/08/19 02:12:32 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/08/19 02:12:32 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/08/19 02:12:32 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/19 02:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/19 02:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Desktop\Autoruns
[2010/08/18 16:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/08/18 16:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/18 16:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Local Settings\Application Data\Adobe
[2010/08/17 16:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\WinRAR
[2010/08/17 16:57:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\852371460
[2010/08/15 00:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010/08/15 00:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Local Settings\Application Data\Google
[2010/08/15 00:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\DAEMON Tools Lite
[2010/08/15 00:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/09 15:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\Google
[2010/08/09 15:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/08/02 18:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\skypePM
[2010/08/02 18:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\Skype
[2010/08/02 18:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/02 18:01:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/02 18:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 12:17:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\Desktop\OTL.exe
[2010/10/04 12:14:07 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\96halx\NTUSER.DAT
[2010/10/04 12:04:20 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 11:53:58 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/10/04 11:53:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 11:53:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/03 16:28:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\96halx\ntuser.ini
[2010/10/03 16:28:18 | 005,357,592 | -H-- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\IconCache.db
[2010/10/02 18:35:22 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Glary Utilities.lnk
[2010/10/02 18:30:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/02 17:14:29 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\HiJackThis.lnk
[2010/10/02 15:09:43 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\housecall.guid.cache
[2010/10/02 14:59:52 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\CCleaner.lnk
[2010/09/21 20:26:15 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/09/21 14:55:12 | 000,010,174 | ---- | M] () -- C:\Documents and Settings\96halx\My Documents\The Lord's Prayer.odt
[2010/09/14 15:16:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/05 20:35:00 | 000,019,240 | ---- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/05 19:38:39 | 000,030,026 | ---- | M] () -- C:\WINDOWS\System32\tcpipbak.reg
[2010/09/05 19:38:35 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\XP Smoker Free Edition.lnk
[2010/08/25 16:14:26 | 000,036,081 | ---- | M] () -- C:\Documents and Settings\96halx\My Documents\fudgy engine and cross.skp
[2010/08/25 15:33:29 | 000,032,318 | ---- | M] () -- C:\Documents and Settings\96halx\My Documents\fudgy engine and cross.skb
[2010/08/24 18:04:27 | 000,026,373 | ---- | M] () -- C:\Documents and Settings\96halx\My Documents\Fudgys engine and trans mockup.skp
[2010/08/19 02:27:35 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/19 02:26:52 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/08/19 02:19:29 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\96halx\My Documents\New Database.odb
[2010/08/19 02:13:55 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OOo-dev 3.3.lnk
[2010/08/19 02:12:16 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/08/19 02:12:16 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/08/19 02:12:16 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/08/19 02:12:16 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/19 02:12:15 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/17 23:18:09 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/08/17 23:18:09 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/17 22:22:54 | 000,003,636 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985P.manifest
[2010/08/17 22:11:09 | 000,000,138 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985O.manifest
[2010/08/17 22:11:09 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985C.manifest
[2010/08/17 22:11:09 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985S.manifest
[2010/08/17 16:57:17 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/08/15 00:05:29 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Google Chrome.lnk
[2010/08/15 00:05:29 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\96halx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/15 00:04:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/15 00:04:31 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/14 23:34:51 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Defraggler.lnk
[2010/08/14 14:27:07 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Speccy.lnk
[2010/08/05 11:24:29 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 18:02:07 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/02 17:14:19 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\HiJackThis.lnk
[2010/10/02 15:09:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\housecall.guid.cache
[2010/10/01 15:16:34 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/21 20:26:15 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/09/21 14:55:11 | 000,010,174 | ---- | C] () -- C:\Documents and Settings\96halx\My Documents\The Lord's Prayer.odt
[2010/09/05 19:38:39 | 000,030,026 | ---- | C] () -- C:\WINDOWS\System32\tcpipbak.reg
[2010/09/05 19:38:35 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\XP Smoker Free Edition.lnk
[2010/09/05 19:38:34 | 017,434,964 | ---- | C] () -- C:\WINDOWS\ie-ads.reg
[2010/09/05 19:38:34 | 000,000,674 | ---- | C] () -- C:\WINDOWS\ie-ads-uninst.reg
[2010/09/05 19:38:34 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\outfix.reg
[2010/09/05 19:38:34 | 000,000,300 | ---- | C] () -- C:\WINDOWS\totals.reg
[2010/08/25 15:33:29 | 000,032,318 | ---- | C] () -- C:\Documents and Settings\96halx\My Documents\fudgy engine and cross.skb
[2010/08/24 22:41:38 | 000,036,081 | ---- | C] () -- C:\Documents and Settings\96halx\My Documents\fudgy engine and cross.skp
[2010/08/24 18:04:27 | 000,026,373 | ---- | C] () -- C:\Documents and Settings\96halx\My Documents\Fudgys engine and trans mockup.skp
[2010/08/19 02:26:52 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/08/19 02:16:31 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\96halx\My Documents\New Database.odb
[2010/08/19 02:13:55 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OOo-dev 3.3.lnk
[2010/08/17 16:57:17 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/08/17 16:56:58 | 000,003,636 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985P.manifest
[2010/08/17 16:56:58 | 000,000,138 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985O.manifest
[2010/08/17 16:56:58 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985C.manifest
[2010/08/17 16:56:58 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985S.manifest
[2010/08/15 00:05:29 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Google Chrome.lnk
[2010/08/15 00:05:29 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\96halx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/15 00:04:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/15 00:04:31 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/14 23:34:51 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Defraggler.lnk
[2010/08/14 14:27:07 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Speccy.lnk
[2010/08/02 18:04:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 18:02:07 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/29 20:59:34 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 20:08:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9010.dll
[2010/06/29 20:07:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== LOP Check ==========

[2010/09/23 23:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Audacity
[2010/08/15 00:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\DAEMON Tools Lite
[2010/07/10 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\GlarySoft
[2010/08/19 02:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\OOo-dev
[2010/06/29 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\TrueCrypt
[2010/06/29 20:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/15 00:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/10/01 15:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 22:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/04 11:53:58 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/29 19:59:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/29 19:51:09 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/29 19:59:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/29 19:59:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/29 19:59:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/30 00:45:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/04 11:53:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/29 19:58:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/06/29 15:43:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/29 15:43:15 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/29 15:43:15 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/06/30 00:52:14 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/30 01:05:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/06/29 20:04:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\96halx\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/04 12:14:44 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\96halx\desktop\MGADiag.exe
[2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-01 14:26:35
< End of report >
OTL Extras logfile created on: 10/4/2010 12:21:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\96halx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.58 Gb Total Space | 8.97 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 14.55 Gb Free Space | 73.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEANS
Current User Name: 96halx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}" = Belkin Wireless G Plus MIMO Notebook Card
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3F6591E-D615-4123-87B1-49E7DEDD2F66}" = OOo-dev 3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Defraggler" = Defraggler
"File Shredder_is1" = File Shredder 2.0
"Glary Utilities_is1" = Glary Utilities 2.28.0.1011
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Speccy" = Speccy
"Unlocker" = Unlocker 1.9.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"XP Smoker Free Edition_is1" = XP Smoker Free Edition 5.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2010 6:04:43 PM | Computer Name = BEANS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/2/2010 6:04:43 PM | Computer Name = BEANS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/14/2010 2:10:37 PM | Computer Name = BEANS | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2010 4:57:03 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

Error - 8/17/2010 4:58:20 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

Error - 8/17/2010 4:59:46 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

Error - 8/17/2010 4:59:46 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

Error - 8/17/2010 4:59:49 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

Error - 8/17/2010 5:01:37 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

Error - 8/17/2010 5:02:27 PM | Computer Name = BEANS | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,
version 0.0.0.0, fault address 0x00002864.

[ System Events ]
Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/25/2010 3:01:27 PM | Computer Name = BEANS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 8/28/2010 9:14:01 PM | Computer Name = BEANS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001CDF55FC7D. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >


Also, it seems that the majority of the problem is when I use Google's search engine; Yahoo's is either not affected as much, or not at all.
96halx
Active Member
 
Posts: 5
Joined: October 2nd, 2010, 6:16 pm

Re: Hijacked Browser

Unread postby askey127 » October 4th, 2010, 12:59 pm

96halx,
----------------------------------------------
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Now Ensure all Firefox windows are closed.
  • To run the tool, double-click it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
----------------------------------------------
Is there any reason why you have not Validated Windows yet? Windows really needs to get validated or it will get re-infected quickly.

Go to the Microsoft Diagnostics Site
Be sure to use Internet Explorer for this (not Firefox).
It's HERE
Click "Start Diagnostics" button. If it shows some items failed, follow the steps to fix it, and click "Try Again".

Then please visit this website using Internet Explorer.
Follow the instructions to Validate Windows, then run MGADiag.exe again and post the new log in your next reply.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacked Browser

Unread postby 96halx » October 4th, 2010, 1:50 pm

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:41 on 04/10/2010 (96halx)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\{aa5aa470-3262-4e71-b05a-1d58dca19682}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:21 30/06/2010]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [22:02 02/08/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [06:12 19/08/2010]

C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [20:14 01/07/2010]
{b422f337-27e5-4d5c-bb07-c189e7e7d7f2} [20:31 17/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [06:12 19/08/2010]

-=E.O.F=-
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-PKKT3-24BHQ-YTC7M
Windows Product Key Hash: NCfImBr8PjSPKFg/Z3cpekUWDhY=
Windows Product ID: 76477-OEM-2161254-82944
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {5F94D30F-367A-48E5-AB38-53E6D6950BCA}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5F94D30F-367A-48E5-AB38-53E6D6950BCA}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YTC7M</PKey><PID>76477-OEM-2161254-82944</PID><PIDType>3</PIDType><SID>S-1-5-21-1844237615-220523388-725345543</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 6000 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20050112000000.000000+000</Date></BIOS><HWID>B4AD3107018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 183F2:Dell Inc|183F2:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
96halx
Active Member
 
Posts: 5
Joined: October 2nd, 2010, 6:16 pm

Re: Hijacked Browser

Post by askey127 » October 4th, 2010, 2:39 pm

96halx,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :OTL
    FF - prefs.js..extensions.enabledItems: {b422f337-27e5-4d5c-bb07-c189e7e7d7f2}:0.4.5
    [2010/07/01 16:14:34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/07/17 16:31:08 | 000,000,000 | ---D | M] (WataCrackaz AutoSMS) -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------------------
Download IE8 and install it (you can use Firefox for the download):
http://www.microsoft.com/windows/intern ... sites.aspx

Let me know how it goes, and whether you are still getting redirects.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacked Browser

Post by 96halx » October 4th, 2010, 6:29 pm

OTL logfile created on: 10/4/2010 6:21:02 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\96halx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.58 Gb Total Space | 9.63 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 14.38 Gb Free Space | 73.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEANS
Current User Name: 96halx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\desktop\OTL.exe
PRC - [2010/09/22 11:19:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/22 11:19:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/15 00:04:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/29 20:43:25 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/26 23:39:08 | 000,352,768 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/06/18 02:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/03/02 13:47:54 | 000,015,872 | ---- | M] (Gemtek Technology Co.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Belkin\F5D9010\BKNDIS5.sys -- (BKNDIS5)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 D6 8F 07 C7 12 44 42 BF 43 B6 9F 11 57 58 17 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 15:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 15:32:40 | 000,000,000 | ---D | M]

[2010/07/01 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Mozilla\Extensions
[2010/07/01 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/04 18:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Mozilla\Firefox\Profiles\dor2c9ef.default\extensions
[2010/10/03 14:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 18:02:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/19 02:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/19 02:12:16 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/17 23:18:09 | 000,416,619 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14381 more lines...
O2 - BHO: (no name) - {078FD650-12C7-4244-BF43-B69F11575817} - No CLSID value found.
O2 - BHO: (no name) - {250AEAEE-7055-A78B-FB34-5A2305D9616F} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.226.32.9 137.118.1.32
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\80fc4f63985: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\96halx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\96halx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 19:59:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 18:16:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/04 18:03:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\96halx\Recent
[2010/10/04 15:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/04 15:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/04 13:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Desktop\GooredFix Backups
[2010/10/04 13:40:41 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\96halx\Desktop\GooredFix.exe
[2010/10/04 12:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/10/04 12:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/04 12:16:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\96halx\Desktop\OTL.exe
[2010/10/01 15:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/01 15:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/23 23:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\Audacity
[2010/09/05 19:38:35 | 000,262,144 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbaListView6.ocx
[2010/09/05 19:38:35 | 000,245,760 | ---- | C] (LansSoft Studio) -- C:\WINDOWS\System32\aUpdateNow.ocx
[2010/09/05 19:38:35 | 000,065,536 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalProgBar6.ocx
[2010/09/05 19:38:35 | 000,053,248 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2010/09/05 19:38:35 | 000,049,152 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalAVI6.ocx
[2010/09/05 19:38:35 | 000,032,768 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\ServiceRepair.exe
[2010/09/05 19:38:34 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2010/09/05 19:38:34 | 000,094,208 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalIml6.ocx
[2010/09/05 19:38:33 | 000,061,440 | ---- | C] (MKC Computers) -- C:\WINDOWS\System32\mkcHyperlink.ocx
[2010/09/05 19:38:33 | 000,032,768 | ---- | C] (Sanx Consulting) -- C:\WINDOWS\System32\svcmgr.ocx
[2010/08/19 02:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/19 02:20:34 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll
[2010/08/19 02:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\OOo-dev
[2010/08/19 02:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\OOo-dev 3
[2010/08/19 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/19 02:12:32 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/08/19 02:12:32 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/08/19 02:12:32 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/08/19 02:12:32 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/19 02:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/19 02:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Desktop\Autoruns
[2010/08/18 16:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/08/18 16:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/18 16:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Local Settings\Application Data\Adobe
[2010/08/17 16:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\WinRAR
[2010/08/17 16:57:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\852371460
[2010/08/15 00:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010/08/15 00:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Local Settings\Application Data\Google
[2010/08/15 00:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\DAEMON Tools Lite
[2010/08/15 00:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/09 15:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\Google
[2010/08/09 15:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/08/02 18:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\skypePM
[2010/08/02 18:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\96halx\Application Data\Skype
[2010/08/02 18:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/02 18:01:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/02 18:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

========== Files - Modified Within 90 Days ==========

[2010/10/04 18:22:23 | 004,561,690 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\IE8-WindowsXP-x86-ENU.exe.part
[2010/10/04 18:22:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/10/04 18:18:03 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/10/04 18:17:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 18:17:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/04 18:17:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/04 18:16:54 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\96halx\NTUSER.DAT
[2010/10/04 18:16:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\96halx\ntuser.ini
[2010/10/04 17:56:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 15:41:40 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/04 15:32:24 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/04 15:28:35 | 005,358,498 | -H-- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\IconCache.db
[2010/10/04 13:40:41 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\96halx\Desktop\GooredFix.exe
[2010/10/04 12:15:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\96halx\Desktop\OTL.exe
[2010/10/02 18:35:22 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Glary Utilities.lnk
[2010/10/02 17:14:29 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\HiJackThis.lnk
[2010/10/02 15:09:43 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\housecall.guid.cache
[2010/10/02 14:59:52 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\CCleaner.lnk
[2010/09/21 20:26:15 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/09/14 15:16:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/05 20:35:00 | 000,019,240 | ---- | M] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/05 19:38:39 | 000,030,026 | ---- | M] () -- C:\WINDOWS\System32\tcpipbak.reg
[2010/09/05 19:38:35 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\XP Smoker Free Edition.lnk
[2010/08/19 02:27:35 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/19 02:26:52 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/08/19 02:13:55 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OOo-dev 3.3.lnk
[2010/08/19 02:12:16 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/08/19 02:12:16 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/08/19 02:12:16 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/08/19 02:12:16 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/19 02:12:15 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/17 23:18:09 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/08/17 23:18:09 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/17 22:22:54 | 000,003,636 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985P.manifest
[2010/08/17 22:11:09 | 000,000,138 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985O.manifest
[2010/08/17 22:11:09 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985C.manifest
[2010/08/17 22:11:09 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985S.manifest
[2010/08/17 16:57:17 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/08/15 00:05:29 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Google Chrome.lnk
[2010/08/15 00:05:29 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\96halx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/15 00:04:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/15 00:04:31 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/14 23:34:51 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Defraggler.lnk
[2010/08/14 14:27:07 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\96halx\Desktop\Speccy.lnk
[2010/08/05 11:24:29 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 18:02:07 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2010/10/04 15:34:00 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/04 15:32:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 17:14:19 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\HiJackThis.lnk
[2010/10/02 15:09:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\housecall.guid.cache
[2010/09/21 20:26:15 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/09/05 19:38:39 | 000,030,026 | ---- | C] () -- C:\WINDOWS\System32\tcpipbak.reg
[2010/09/05 19:38:35 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\XP Smoker Free Edition.lnk
[2010/09/05 19:38:34 | 017,434,964 | ---- | C] () -- C:\WINDOWS\ie-ads.reg
[2010/09/05 19:38:34 | 000,000,674 | ---- | C] () -- C:\WINDOWS\ie-ads-uninst.reg
[2010/09/05 19:38:34 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\outfix.reg
[2010/09/05 19:38:34 | 000,000,300 | ---- | C] () -- C:\WINDOWS\totals.reg
[2010/08/19 02:26:52 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/08/19 02:13:55 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OOo-dev 3.3.lnk
[2010/08/17 16:57:17 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/08/17 16:56:58 | 000,003,636 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985P.manifest
[2010/08/17 16:56:58 | 000,000,138 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985O.manifest
[2010/08/17 16:56:58 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985C.manifest
[2010/08/17 16:56:58 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\96halx\Application Data\020000006370a21c985S.manifest
[2010/08/15 00:05:29 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Google Chrome.lnk
[2010/08/15 00:05:29 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\96halx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/15 00:04:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/15 00:04:31 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/14 23:34:51 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Defraggler.lnk
[2010/08/14 14:27:07 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\96halx\Desktop\Speccy.lnk
[2010/08/02 18:04:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 18:02:07 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/29 20:59:34 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\96halx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 20:08:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9010.dll
[2010/06/29 20:07:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

========== LOP Check ==========

[2010/09/23 23:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\Audacity
[2010/08/15 00:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\DAEMON Tools Lite
[2010/07/10 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\GlarySoft
[2010/08/19 02:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\OOo-dev
[2010/06/29 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\96halx\Application Data\TrueCrypt
[2010/06/29 20:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/15 00:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/10/01 15:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 22:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/04 18:18:03 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========


< End of report >


That seems to have solved the problem! I thank you very much for your time and expertise; hopefully I won't have to bother you again :-)
96halx
Active Member
 
Posts: 5
Joined: October 2nd, 2010, 6:16 pm

Re: Hijacked Browser

Unread postby askey127 » October 4th, 2010, 7:04 pm

96halx,
Don't go away just yet!
Let's get rid of a couple of stray entries, and some settings left over from the infection.
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O2 - BHO: (no name) - {078FD650-12C7-4244-BF43-B69F11575817} - No CLSID value found.
    O2 - BHO: (no name) - {250AEAEE-7055-A78B-FB34-5A2305D9616F} - No CLSID value found.
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O20 - Winlogon\Notify\80fc4f63985: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    
    :Commands
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.

You can remove OTL from your desktop.
You should be good to go.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
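
As an added, read-only check (this is not part of askey127's instructions or of OTL itself), the following PowerShell script looks for the same three kinds of leftovers the fix above targets: O2 BHO registrations whose CLSID has no COM class registered behind it ("No CLSID value found" in OTL's wording), the two O7 Internet Explorer policy keys that restrict IE settings, and O20 Winlogon Notify entries whose DllName is missing or points at a file that does not exist. It assumes PowerShell 2.0 or later on the machine being checked and an elevated prompt so the HKLM branches are readable; it reports only and removes nothing, so the actual cleanup still happens through the OTL fix the helper posted.

```powershell
# Added example (not from the forum post or OTL): audit leftover O2/O7/O20 entries.
# Assumes PowerShell 2.0+ and an elevated prompt; reports only, changes nothing.

function Get-OrphanedBho {
    # O2: Browser Helper Objects are COM objects IE loads at startup. A BHO key whose
    # CLSID has no entry under HKCR\CLSID is a dangling registration left by a removal.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',  # 64-bit Windows only
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid = $key.PSChildName
            if (-not (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid")) {
                New-Object PSObject -Property @{
                    Kind = 'O2 BHO'; Location = "$root\$clsid"; Detail = 'No CLSID value found'
                }
            }
        }
    }
}

function Get-IePolicyRestrictions {
    # O7: these per-user policy keys lock IE options (Control Panel tabs, Restrictions).
    # Outside a managed domain their presence usually means a hijacker created them.
    $policyKeys = @(
        'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
        'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        # List the policy values so the reader can see what was being restricted;
        # PS* properties are PowerShell provider metadata, not registry values.
        $props = (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "$($_.Name)=$($_.Value)" }
        New-Object PSObject -Property @{
            Kind = 'O7 IE policy'; Location = $key; Detail = "present: $($props -join '; ')"
        }
    }
}

function Get-BrokenWinlogonNotify {
    # O20: winlogon.exe loads every DLL listed under Winlogon\Notify at logon.
    # A subkey with no DllName, or one whose DLL is gone, is a leftover to review.
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $root)) { return }
    foreach ($key in Get-ChildItem $root) {
        $dll = (Get-ItemProperty $key.PSPath).DllName
        if (-not $dll) {
            New-Object PSObject -Property @{
                Kind = 'O20 Winlogon Notify'; Location = $key.PSPath; Detail = 'DllName missing or unreadable'
            }
            continue
        }
        # Bare file names resolve through the normal DLL search path, which for
        # winlogon means System32; rooted paths are used as given.
        $path = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
        if (-not (Test-Path $path)) {
            New-Object PSObject -Property @{
                Kind = 'O20 Winlogon Notify'; Location = $key.PSPath; Detail = "File not found: $path"
            }
        }
    }
}

$findings = @(Get-OrphanedBho) + @(Get-IePolicyRestrictions) + @(Get-BrokenWinlogonNotify)
if ($findings.Count -eq 0) {
    'No leftover O2/O7/O20 entries found.'
} else {
    $findings | Format-Table Kind, Location, Detail -AutoSize -Wrap
}
```

Run it once before and once after the OTL fix: the first run should list the five entries from the fix script above (two orphaned BHO CLSIDs, the two IE policy keys and the Winlogon Notify subkey), and the second run should report nothing. The `[CLEARALLRESTOREPOINTS]` command in the fix has no registry footprint to audit; it simply discards restore points that could reintroduce the infected files.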

Re: Hijacked Browser

Unread postby 96halx » October 4th, 2010, 7:20 pm

Thanks so much, really appreciate it.
96halx
Active Member
 
Posts: 5
Joined: October 2nd, 2010, 6:16 pm

Re: Hijacked Browser

Unread postby askey127 » October 5th, 2010, 6:43 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA