OTL logfile created on: 10/19/2010 9:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Sandy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,015.00 Mb Total Physical Memory | 427.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.81 Gb Free Space | 78.92% Space Free | Partition Type: NTFS
Computer Name: YOUR-5A66F93F18 | User Name: Sandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Sandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - C:\WINDOWS\system32\lxeacoms.exe ( )
PRC - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)
PRC - c:\Program Files\IDT\WDM\STACSV.EXE (IDT, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\msswchx.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\system32\ICO.EXE (Primax Electronics Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Sandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (lxea_device) -- C:\WINDOWS\System32\lxeacoms.exe ( )
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (lxeaCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
SRV - (STacSV) -- c:\Program Files\IDT\WDM\STACSV.EXE (IDT, Inc.)
========== Driver Services (SafeList) ==========
DRV - (SYMREDRV) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SYMREDRV.SYS File not found
DRV - (SYMDNS) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SYMDNS.SYS File not found
DRV - (btwhid) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101015.005\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101019.022\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101019.022\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
DRV - (SahdIa32) -- C:\WINDOWS\System32\Drivers\SahdIa32.sys (Sonic Solutions)
DRV - (SaibIa32) -- C:\WINDOWS\System32\Drivers\SaibIa32.sys (Sonic Solutions)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (SysCow) -- C:\WINDOWS\system32\drivers\syscow32x.sys (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (UCORESYS) -- C:\SwSetup\SP45107\UCORESYS.SYS ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\PELUSBlf.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 20:33:59 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2008/04/14 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2724955800-1548168951-689965736-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}
http://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B}
https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab (SysData Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f7beea3-1b05-11df-a956-0025b345255d}\Shell\AutoRun\command - "" = D:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/19 21:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\Gmer
[2010/10/19 20:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\otel,extras.txt
[2010/10/19 20:52:53 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe
[2010/10/19 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/10/14 20:34:23 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010/10/14 20:34:23 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 20:34:22 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010/10/14 20:34:22 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 20:34:20 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/10/14 20:34:20 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 20:33:53 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/14 20:31:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2010/10/14 20:31:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/10/14 20:31:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/10/14 20:31:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/10/14 20:31:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/10/14 20:31:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/14 20:31:30 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/14 20:31:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/10/14 20:31:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/14 20:31:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/10/14 20:31:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/10/14 20:31:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/10/14 20:31:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/10/14 20:31:26 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/10/14 20:31:24 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/10/14 20:31:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/10/14 20:31:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/10/14 20:31:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/10/14 20:31:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/10/14 20:31:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/10/14 20:31:18 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/14 20:31:15 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/10/14 20:31:13 | 005,957,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/10/14 20:31:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/10/14 20:31:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/10/14 20:31:07 | 011,080,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/14 17:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/14 17:16:27 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/14 13:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\EurekaLog
[2010/10/14 13:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/10/14 13:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\My Documents\Anti-Malware
[2010/10/14 12:40:41 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sandy\Desktop\HJTInstall.exe
[2010/10/14 09:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/12 23:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/12 23:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/12 21:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\IObit
[2010/10/12 21:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/10/12 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/10/12 20:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\Malwarebytes
[2010/10/12 20:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/12 20:42:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandy\IECompatCache
[2010/10/12 19:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Runscanner.net
[2010/07/25 15:10:49 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll
[2009/12/07 13:19:40 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll
[2009/05/14 15:27:12 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll
[2009/05/14 15:22:02 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll
[2009/05/14 15:19:52 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll
[2009/05/14 15:18:54 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll
[2009/05/14 15:17:34 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahcp.dll
[2009/05/14 15:16:20 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll
[2009/05/14 15:15:48 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll
[2009/05/14 15:15:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll
[2009/05/14 15:15:36 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/19 21:08:38 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/10/19 20:53:51 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\c4s6znsd.exe
[2010/10/19 20:53:02 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe
[2010/10/19 20:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/19 20:32:24 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 10:03:49 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Revo Uninstaller.lnk
[2010/10/19 09:26:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 23:07:17 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:41:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:16:18 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 21:16:18 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/14 17:40:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\HijackThis.lnk
[2010/10/14 12:40:45 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sandy\Desktop\HJTInstall.exe
[2010/10/14 11:56:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/14 09:29:32 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\housecall.guid.cache
[2010/10/14 09:07:40 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/10/14 09:07:37 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/19 20:53:47 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\c4s6znsd.exe
[2010/10/19 10:03:49 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Revo Uninstaller.lnk
[2010/10/14 17:56:31 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 17:20:17 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\HijackThis.lnk
[2010/10/14 17:11:49 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/14 11:56:04 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/14 09:29:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\housecall.guid.cache
[2010/10/14 09:07:39 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/10/14 09:07:36 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/25 15:10:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll
[2010/07/25 15:10:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll
[2010/07/25 15:10:36 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll
[2010/07/25 15:10:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll
[2010/07/25 15:10:30 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll
[2010/07/25 15:10:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll
[2010/07/25 15:10:29 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll
[2010/07/25 15:10:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll
[2010/03/23 14:25:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2009/12/07 13:19:59 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxearwrd.ini
[2009/12/07 13:19:57 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll
[2009/07/27 10:38:50 | 000,004,734 | ---- | C] () -- C:\Documents and Settings\Sandy\Application Data\wklnhst.dat
[2009/07/19 15:51:29 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/07/19 15:14:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Definition Bundle
[2009/07/19 15:14:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sandy\Application Data\CustomDataViews
[2009/07/19 15:14:01 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/19 14:50:45 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/19 14:41:45 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009/07/19 14:41:44 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2009/07/02 21:23:29 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/22 07:59:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll
[2009/05/22 07:58:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll
[2009/05/22 07:58:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll
[2009/03/05 01:45:26 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/05 01:22:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/20 09:48:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lxeasmr.dll
[2009/02/20 09:48:04 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\lxeasm.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/06/24 12:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/24 12:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/05 03:55:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
< End of report >
OTL Extras logfile created on: 10/19/2010 9:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Sandy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,015.00 Mb Total Physical Memory | 427.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.81 Gb Free Space | 78.92% Space Free | Partition Type: NTFS
Computer Name: YOUR-5A66F93F18 | User Name: Sandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 19
"{275E7C8F-5407-4E2D-9506-0DC5BC59B14E}" = MigoMobile DESKTOP 4
"{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5B25043-42A0-4490-A425-C7A6284213E6}" = HP User Guides 0130
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"4F46AE07E545B0E89F0ECDA2928DE11652D170CF" = Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (01/14/2006 1.0.1.7)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Revo Uninstaller" = Revo Uninstaller 1.90
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/22/2010 8:28:02 AM | Computer Name = YOUR-5A66F93F18 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/22/2010 8:28:02 AM | Computer Name = YOUR-5A66F93F18 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 10/12/2010 10:08:10 PM | Computer Name = YOUR-5A66F93F18 | Source = IS360srv.exe | ID = 0
Description =
Error - 10/14/2010 6:54:49 PM | Computer Name = YOUR-5A66F93F18 | Source = RstIdle | ID = 0
Description =
Error - 10/15/2010 1:18:41 AM | Computer Name = YOUR-5A66F93F18 | Source = RstIdle | ID = 0
Description =
[ System Events ]
Error - 10/15/2010 8:09:27 AM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.
Error - 10/15/2010 8:09:27 AM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 10/15/2010 1:51:12 PM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.
Error - 10/15/2010 1:51:12 PM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 10/19/2010 10:26:46 AM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.
Error - 10/19/2010 10:26:46 AM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 10/19/2010 8:04:03 PM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.
Error - 10/19/2010 8:04:03 PM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 10/19/2010 9:32:39 PM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.
Error - 10/19/2010 9:32:39 PM | Computer Name = YOUR-5A66F93F18 | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053
< End of report >
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-19 22:53:44
Windows 5.1.2600 Service Pack 3
Running: c4s6znsd.exe; Driver: C:\DOCUME~1\Sandy\LOCALS~1\Temp\axrorpow.sys
---- System - GMER 1.0.15 ----
SSDT 85F06740 ZwAlertResumeThread
SSDT 861153B0 ZwAlertThread
SSDT 85C65628 ZwAllocateVirtualMemory
SSDT 85A641B8 ZwAssignProcessToJobObject
SSDT 86023118 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA4E6130]
SSDT 85C462B8 ZwCreateMutant
SSDT 85F37788 ZwCreateSymbolicLinkObject
SSDT 860D7A00 ZwCreateThread
SSDT 860C32C0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA4E63B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA4E6910]
SSDT 85C657C0 ZwDuplicateObject
SSDT 85ED14D0 ZwFreeVirtualMemory
SSDT 85F17E38 ZwImpersonateAnonymousToken
SSDT 85ED4950 ZwImpersonateThread
SSDT 85EE8440 ZwLoadDriver
SSDT 85C692B0 ZwMapViewOfSection
SSDT 85BE5138 ZwOpenEvent
SSDT 860D71B8 ZwOpenProcess
SSDT 85F33428 ZwOpenProcessToken
SSDT 860BF750 ZwOpenSection
SSDT 860D70A8 ZwOpenThread
SSDT 85EC5640 ZwProtectVirtualMemory
SSDT 85ED77D8 ZwResumeThread
SSDT 85F87800 ZwSetContextThread
SSDT 85C5C378 ZwSetInformationProcess
SSDT 85C511C8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA4E6B60]
SSDT 85BB3138 ZwSuspendProcess
SSDT 85EEB2A8 ZwSuspendThread
SSDT 85F32190 ZwTerminateProcess
SSDT 860FC1E8 ZwTerminateThread
SSDT 85A2F140 ZwUnmapViewOfSection
SSDT 860BF7C0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMEFA.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3936] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
The 3 anti-spyware programs that were indicated were removed before running the above logs.