Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Explorer sometimes freezes up and causes immediate reboot

Started by stratec , Jan 27 2010 06:19 AM

  • Please log in to reply

#1
stratec
Posted 27 January 2010 - 06:19 AM

stratec

    Member

  • Member
  • PipPip
  • 52 posts
Greetings on wise one! This is my 8 or 9th post and you've always been able to help me. I've contributed money to the cause and will do the same after this.

I followed the Malware and Cleaning Guide step by step on 4 year old desktop running XP given to my parents by one of the grandchildren. I suspect it has a lot of programs which have or had malware or viruses. Besides any cleaning instructions if you see any programs running that are not needed for a vanilla user (they use Outlook Express and Internet Explorer only) please let me know. In general the machine runs fairly slow. Also, sometimes Internet Explorer will blue screen and then cause a reboot. Very strange.

MBAM, GMER, OTL and OTL Logs follow below. I run full scan with McAfee and found 13 items which I cleaned including Generic PUP.z 2 times.
Thanks!

***** MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3640
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2010 7:16:07 AM
mbam-log-2010-01-26 (07-16-07).txt

Scan type: Quick Scan
Objects scanned: 120296
Time elapsed: 16 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

********GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 02:32:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgldapog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF576678A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF5766821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF5766738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF576674C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF5766835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF5766861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF57668CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF57668B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF57667CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF57668FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF576680D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5766710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5766724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF576679E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5766937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF57668A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF576688D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF576684B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5766923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF576690F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF5766776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF5766762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF5766877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF57667F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF57668E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF57667E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF57667B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat F237FD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

********OTL log:
OTL logfile created on: 1/27/2010 2:38:43 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 547.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1486 1486 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.85 Gb Total Space | 20.71 Gb Free Space | 63.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/27 02:37:21 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/18 17:52:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/26 17:21:00 | 00,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/03/08 12:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:33 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\savedump.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/17 12:32:12 | 00,335,872 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
PRC - [2003/10/06 12:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2002/05/02 18:51:36 | 00,061,440 | ---- | M] (Macromedia Inc.) -- C:\CFusionMX\runtime\bin\jrun.exe
PRC - [2002/05/02 18:51:36 | 00,057,344 | ---- | M] (Macromedia Inc.) -- C:\CFusionMX\runtime\bin\jrunsvc.exe
PRC - [2002/03/25 08:47:14 | 00,946,222 | ---- | M] () -- C:\CFusionMX\db\slserver52\bin\swsoc.exe
PRC - [2001/09/25 16:00:00 | 00,667,717 | ---- | M] () -- C:\CFusionMX\db\slserver52\bin\swagent.exe
PRC - [2001/09/25 16:00:00 | 00,102,469 | ---- | M] () -- C:\CFusionMX\db\slserver52\bin\swstrtr.exe
PRC - [2001/08/17 23:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [1998/05/07 10:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/27 02:37:21 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/18 17:52:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 12:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/05/02 18:51:36 | 00,057,344 | ---- | M] (Macromedia Inc.) [Auto | Running] -- C:\CFusionMX\runtime\bin\jrunsvc.exe -- (ColdFusion MX Application Server)
SRV - [2001/09/25 16:00:00 | 00,667,717 | ---- | M] () [Auto | Running] -- C:\CFusionMX\db\slserver52\bin\swagent.exe -- (ColdFusion MX ODBC Agent)
SRV - [2001/09/25 16:00:00 | 00,102,469 | ---- | M] () [Auto | Running] -- C:\CFusionMX\db\slserver52\bin\swstrtr.exe -- (ColdFusion MX ODBC Server)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_srch-us3_URL = http://srch-us3.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/06 11:19:16 | 00,000,000 | ---D | M]

[2007/09/30 15:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions
[2006/10/29 08:00:30 | 00,000,000 | ---D | M] (Saferfox Xpanded 2.3.1) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions\{00D4154F-96D3-41ff-8E8E-113596D8670B}
[2006/10/29 08:00:30 | 00,000,000 | ---D | M] (Brushed) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions\{07D70F98-08D3-432e-8BD6-496AD6481A68}
[2006/10/29 08:00:30 | 00,000,000 | ---D | M] (Plastikfox Crystal SVG) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions\{4674e8a2-eb7e-4822-b517-b18328b3e8e8}
[2007/09/22 05:36:59 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2007/09/22 05:37:00 | 00,000,000 | ---D | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2006/10/29 08:00:30 | 00,000,000 | ---D | M] (Modern Pinball) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9o2wwvbd.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2009/07/28 20:23:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 21:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2005/04/27 15:31:10 | 00,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2003/11/12 16:09:44 | 00,000,296 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\SYSTEM\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.micros...386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7826.5654398148 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} http://officeupdate....nloads/outc.cab (Microsoft Office Tools on the Web Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/09/04 21:13:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2003/07/24 17:05:42 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/27 02:36:58 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/26 17:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Viewpoint
[2010/01/26 17:11:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Viewpoint
[2010/01/26 06:42:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/26 06:42:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/26 06:42:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/26 06:42:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/26 06:42:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/26 06:41:46 | 05,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/01/26 06:40:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/26 06:40:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/26 06:39:08 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/12/31 14:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/08/30 17:50:03 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2005/08/23 17:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/10/01 08:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/24 16:55:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/07/24 16:55:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/07/24 16:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/27 02:37:21 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/27 02:35:34 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/27 02:35:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 02:35:08 | 00,008,707 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/27 02:34:04 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\HPSYSDRV.DAT
[2010/01/27 02:33:58 | 00,000,022 | ---- | M] () -- C:\qpmd8376.bin
[2010/01/27 02:33:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/27 02:33:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/26 18:40:07 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/26 18:03:06 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/01/26 07:21:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/26 07:17:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/26 06:43:49 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/01/26 06:43:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/26 06:41:46 | 05,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/01/26 06:39:14 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/26 18:03:04 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/06/26 17:21:02 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/11/01 20:15:00 | 00,039,582 | ---- | C] () -- C:\WINDOWS\php.ini
[2006/11/01 20:11:40 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2006/11/01 20:11:40 | 00,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
[2006/11/01 20:11:40 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/01 20:11:40 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll
[2006/11/01 20:11:40 | 00,047,027 | ---- | C] () -- C:\WINDOWS\System32\libintl-1.dll
[2006/11/01 20:11:39 | 00,839,680 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2006/11/01 20:11:39 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/01 20:11:39 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2006/08/30 17:50:03 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2006/07/12 19:52:40 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/02 08:02:25 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/05 19:46:38 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/12/05 19:46:37 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/10/03 22:18:02 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/07/22 09:49:56 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/12 20:31:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/05/12 20:12:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2004/03/15 18:39:20 | 00,000,036 | ---- | C] () -- C:\WINDOWS\plugSpk.INI
[2003/10/06 12:16:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/13 08:34:42 | 00,000,202 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/01 17:01:01 | 00,000,102 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2003/07/24 17:03:06 | 00,136,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/07/24 16:16:44 | 00,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/07/24 16:16:41 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/07/24 16:15:25 | 00,000,809 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2003/07/24 16:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2003/07/24 15:59:36 | 00,000,134 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/07/24 15:44:50 | 00,000,436 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2003/07/24 15:12:24 | 00,002,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\biosread.sys
[2003/07/24 14:32:59 | 00,000,710 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/12 18:35:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/09/05 02:40:44 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/09/05 02:34:51 | 00,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/09/05 02:12:57 | 00,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/09/05 02:12:57 | 00,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/09/05 02:12:57 | 00,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/09/05 01:51:03 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/09/04 21:18:27 | 00,000,775 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/09/04 21:08:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/09/04 21:01:02 | 00,000,503 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 13:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/08 07:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 18:07:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 18:37:50 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 10:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

========== LOP Check ==========

[2005/05/14 18:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/10/01 15:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/01/26 18:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/12 19:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2004/12/07 19:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2006/04/02 10:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flickr
[2005/12/05 19:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2004/05/12 20:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/11/05 21:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SorensonMedia
[2006/10/17 20:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SSH
[2005/01/06 21:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/09/26 19:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2003/07/24 14:17:55 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2003/07/24 14:17:55 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2009/12/31 14:36:21 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/01/01 01:00:26 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2003/07/24 14:17:54 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2003/07/24 14:17:55 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/10/01 06:38:13 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/24 15:23:44 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/01 06:38:13 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/12/24 15:23:44 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/07/24 14:44:33 | 12,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/01 06:38:13 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/24 15:23:44 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/07/24 14:44:33 | 12,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/10/01 06:38:13 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/12/24 15:23:44 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

******* OTL Extra:
OTL Extras logfile created on: 1/27/2010 2:38:43 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 547.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1486 1486 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.85 Gb Total Space | 20.71 Gb Free Space | 63.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:AirPort Assistant Rendezvous Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Palm\HOTSYNC.EXE" = C:\Palm\HOTSYNC.EXE:*:Disabled:HotSync® Manager Application -- File not found
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1152755641\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1152755641\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1152755641\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1152755641\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42977380-5628-11D5-A8E1-00A0CC53785B}" = Speedway
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B40514BB-56EC-11D5-A8E1-00A0CC663B7C}" = GemMaster
"{C6AE8E1F-EC1B-11D4-A19D-00C04FA0FD08}" = Phone Link Updater
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DADCF758-378B-4EF8-BB3F-AF60B5B6FCDD}" = AirPort
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BackWeb-137903 Uninstaller" = hp center
"DIVXCodec" = DivX Codec 3.1alpha release
"ERUNT_is1" = ERUNT 1.1j
"HP Instant Support" = HP Instant Support
"HP Photo Printing Software" = HP Photo Printing Software
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Inactive HP ScanJet Drivers (Remove only)" = Inactive HP ScanJet Drivers (Remove only)
"InstallShield_{DADCF758-378B-4EF8-BB3F-AF60B5B6FCDD}" = AirPort
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"S3 Gamma" = S3 Gamma
"S3switch2" = S3 Savage4 Family Display Switch2 Utility
"Shockwave" = Shockwave
"Sound Blaster Live!" = Sound Blaster Live!
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works and Money 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2004 10:27:45 AM | Computer Name = ERIC | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.6353.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/18/2004 8:52:27 AM | Computer Name = ERIC | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.6353.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2004 7:27:57 PM | Computer Name = ERIC | Source = TrueVector Service | ID = 5003
Description =

Error - 12/19/2004 7:27:59 PM | Computer Name = ERIC | Source = TrueVector Service | ID = 5003
Description =

Error - 1/14/2005 7:41:39 PM | Computer Name = ERIC | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2005 1:45:55 PM | Computer Name = ERIC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2005 10:32:25 AM | Computer Name = ERIC | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3690.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 2/26/2005 10:40:28 AM | Computer Name = ERIC | Source = TrueVector Service | ID = 5003
Description =

Error - 2/26/2005 10:40:30 AM | Computer Name = ERIC | Source = TrueVector Service | ID = 5003
Description =

Error - 2/27/2005 10:02:49 AM | Computer Name = ERIC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.0.0.0, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.

[ System Events ]
Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:53 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:54 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/26/2010 8:46:54 PM | Computer Name = ERIC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
  • 0

Advertisements

#2
stratec
Posted 30 January 2010 - 08:32 AM

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Never mind. I looked at other posts and followed directions. I'm clean now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP