
[Solved] XP Antivirus 2012 malware and Google Redirect

Discussion in 'Virus and Malware Removal' started by Halfday24, Dec 11, 2011.

  1. Halfday24 Newcomer, in training

    I'm glad to hear it's looking better. I don't have access to the computer right now, but will be able to run the OTL app in about 5 hours. I will post the logs for you to review when I finish.
  2. Broni Malware Annihilator

    No problem :)
  3. Halfday24 Newcomer, in training

    OTL logfile created on: 12/12/2011 5:51:02 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lorrie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.40% Memory free
    3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.54% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 133.04 Gb Total Space | 110.52 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
    Drive D: | 16.00 Gb Total Space | 10.69 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

    Computer Name: PH10-22-2009 | User Name: Lorrie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\mfevtps.exe
    PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2009/06/18 10:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
    PRC - [2008/03/27 09:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
    PRC - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    PRC - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) -- C:\windows\system32\lxdncoms.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/07/10 11:53:08 | 000,872,448 | ---- | M] () -- C:\windows\SMINST\Scheduler.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    MOD - [2008/03/14 23:34:14 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndrs.dll
    MOD - [2008/03/14 23:33:42 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnscw.dll
    MOD - [2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- C:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    MOD - [2007/11/20 18:02:39 | 000,782,336 | ---- | M] () -- C:\windows\system32\lxdndrs.dll
    MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- C:\windows\system32\lxdncaps.dll
    MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncaps.dll
    MOD - [2007/10/12 20:24:46 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\iptk.dll
    MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- C:\windows\system32\lxdncnv4.dll
    MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
    MOD - [2007/05/29 09:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndatr.dll
    MOD - [2006/07/10 11:53:08 | 000,872,448 | ---- | M] () -- C:\windows\SMINST\Scheduler.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\windows\system32\mfevtps.exe -- (mfevtp)
    SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2009/06/18 10:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
    SRV - [2008/02/27 17:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfeavfk.sys -- (MfeAVFK)
    DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\windows\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfebopk.sys -- (MfeBOPK)
    DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2009/06/11 17:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/04/13 19:04:34 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2008/04/13 19:04:32 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2008/04/13 19:04:30 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2008/04/13 19:04:30 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2008/04/13 19:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2008/04/13 19:04:30 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2008/04/13 19:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2008/04/13 19:04:30 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2008/04/13 19:04:28 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2008/04/13 19:04:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2008/04/13 19:04:28 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2008/04/13 19:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2008/04/13 19:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2008/04/13 19:04:28 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2008/04/13 19:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2008/01/04 00:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/11/06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\windows\system32\drivers\regi.sys -- (regi)
    DRV - [2007/01/24 12:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | System | Running] -- C:\windows\system32\drivers\oxpar.sys -- (oxpar)
    DRV - [2007/01/24 12:28:00 | 000,070,784 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxser.sys -- (oxser)
    DRV - [2007/01/24 12:28:00 | 000,021,888 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxmf.sys -- (oxmf)
    DRV - [2007/01/24 12:28:00 | 000,005,888 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxmfuf.sys -- (Oxmfuf)
    DRV - [2002/04/04 08:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
    DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ADM8511.SYS -- (ADM8511)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.aol.com/
    IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/"

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 16:11:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/12 17:44:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\

    [2011/02/28 21:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lorrie\Application Data\Mozilla\Firefox\Profiles\i6dq6qdt.default\extensions
    [2011/02/28 21:52:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lorrie\Application Data\Mozilla\Firefox\Profiles\i6dq6qdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DANISH@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DE-DE-COMB@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\EN-AU@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-AR@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-ES@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FI@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR-FR@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\IT-IT@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DA@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DE@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-EN-GB@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-AR@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-ES@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FI@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FR@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-HU@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-IT@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-JA@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-KO@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-NL@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PL@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PT-PT@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-RU@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\NL-NL@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PL@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PT-PT@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\RU@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\SL@DICTIONARIES.ADDONS.MOZILLA.ORG

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gears.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: SiteAdvisor = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
    CHR - Extension: Poppit = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2011/12/12 07:58:19 | 000,000,027 | ---- | M]) - C:\windows\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111109160617.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [Recguard] C:\windows\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\windows\CREATOR\Remind_XP.exe ()
    O4 - HKLM..\Run: [Scheduler] C:\windows\SMINST\Scheduler.exe ()
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{796C7FDE-68DC-4BE8-A52E-A4488C5916E8}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\windows\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\windows\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\windows\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/12 17:48:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    [2011/12/12 17:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/12/12 08:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/12 07:23:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/12 07:23:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/12 07:23:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/12 07:23:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/12 07:23:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/12 07:23:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lorrie\My Documents\My Videos
    [2011/12/12 07:23:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lorrie\Start Menu\Programs\Administrative Tools
    [2011/12/12 07:03:48 | 004,336,613 | R--- | C] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
    [2011/12/11 23:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover
    [2011/12/11 22:51:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
    [2011/12/11 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\Malware downloads
    [2011/12/11 01:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/12/11 00:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\New Folder
    [2011/12/11 00:53:24 | 013,474,504 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
    [2011/12/11 00:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
    [2011/12/11 00:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/12/11 00:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/12/11 00:19:06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
    [2011/12/10 22:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/10 21:46:49 | 000,000,000 | ---D | C] -- C:\LORRIE TEMP BAD
    [2011/12/10 20:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/10 20:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/11/30 22:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\My Documents\My Digital Editions
    [2011/11/30 22:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
    [2009/10/26 21:48:59 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
    [2008/02/27 17:07:28 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
    [2008/02/27 17:07:26 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
    [2008/02/27 17:07:23 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
    [2007/11/28 17:19:08 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
    [2007/11/28 17:16:04 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
    [2007/11/28 17:13:37 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
    [2007/11/28 17:13:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
    [2007/11/28 17:13:22 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
    [2007/11/28 17:12:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
    [2007/11/28 17:12:07 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
    [2007/11/28 17:11:47 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
    [2007/11/28 17:10:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
    [2007/11/28 17:09:17 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
  4. Halfday24 Newcomer, in training

    - OTL.txt continued -


    ========== Files - Modified Within 30 Days ==========

    [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    [2011/12/12 17:43:51 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
    [2011/12/12 17:40:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/12 17:40:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/12 07:58:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/12 07:34:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009UA.job
    [2011/12/12 07:04:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/12 07:03:54 | 004,336,613 | R--- | M] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
    [2011/12/12 06:59:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\MBR.dat
    [2011/12/11 23:26:12 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover.zip
    [2011/12/11 22:52:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
    [2011/12/11 22:34:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009Core.job
    [2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 01:56:04 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/12/11 00:53:37 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
    [2011/12/11 00:47:48 | 000,010,850 | ---- | M] () -- C:\Documents and Settings\Lorrie\My Documents\Hitman log.xml
    [2011/12/11 00:20:58 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2011/12/11 00:19:06 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
    [2011/12/10 22:25:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
    [2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
    [2011/12/07 20:23:42 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Lorrie\My Documents\Default.rdp
    [2011/11/30 22:45:39 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2011/11/25 09:43:52 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\Google Chrome.lnk
    [2011/11/25 09:43:52 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/12 07:23:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/12 07:23:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/12 07:23:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/12 07:23:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/12 07:23:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/12 06:59:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lorrie\Desktop\MBR.dat
    [2011/12/11 23:26:11 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover.zip
    [2011/12/11 19:35:42 | 000,013,332 | -HS- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 19:35:42 | 000,013,332 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 00:47:48 | 000,010,850 | ---- | C] () -- C:\Documents and Settings\Lorrie\My Documents\Hitman log.xml
    [2011/12/11 00:20:58 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/12/11 00:20:58 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2011/12/10 20:20:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/10 20:07:54 | 000,012,816 | -HS- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
    [2011/12/10 20:07:54 | 000,012,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
    [2011/11/30 22:45:39 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
    [2011/11/30 22:45:39 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2011/04/24 00:00:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/28 21:33:28 | 000,000,731 | ---- | C] () -- C:\WINDOWS\System32\McOEMAppRules.dat
    [2010/06/08 20:26:50 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/10/26 21:49:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
    [2009/10/26 21:48:59 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
    [2009/10/26 21:47:25 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
    [2009/10/07 20:50:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/10/07 20:31:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/10/07 20:13:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
    [2009/04/06 09:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/04/06 08:51:50 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/04/06 08:51:50 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/04/06 08:48:38 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/04/06 08:40:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/04/06 08:35:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/02/07 14:13:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
    [2007/11/28 11:51:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
    [2007/11/20 18:02:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
    [2007/11/20 17:44:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
    [2007/10/02 16:51:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
    [2002/05/28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/05/08 12:12:22 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    ========== LOP Check ==========

    [2010/04/07 14:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/28 06:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
    [2010/06/08 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/03/29 12:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
    [2011/12/11 01:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/12/08 00:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
    [2010/03/29 12:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2009/10/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2011/02/28 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lorrie\Application Data\Foxit Software
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lorrie\Application Data\SampleView
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\SampleView

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/03/23 08:23:20 | 000,051,465 | ---- | M] () -- C:\AR00007168ARR001.J01
    [2009/10/26 18:19:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/10 22:25:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/12 08:00:54 | 000,012,214 | ---- | M] () -- C:\ComboFix.txt
    [2011/02/27 20:52:23 | 000,020,734 | ---- | M] () -- C:\JavaRa.log
    [2010/03/25 11:59:18 | 000,030,720 | ---- | M] () -- C:\Mary Zylka Resume.doc
    [2008/04/14 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 03:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/12 17:40:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/04/06 08:40:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2007/02/12 15:58:11 | 000,473,403 | ---- | M] () -- C:\WINDOWS\HP2_1024x768.jpg
    [2008/03/25 17:38:54 | 000,152,632 | ---- | M] () -- C:\WINDOWS\HP3_1024x768.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/04/06 01:24:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/04/06 01:24:55 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/04/06 01:24:55 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/06 08:41:31 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2009/10/07 20:40:05 | 000,000,152 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\BCM_DropUserDatabases.txt

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/02/28 20:38:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/04/06 08:50:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/11 22:52:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
    [2011/12/12 07:03:54 | 004,336,613 | R--- | M] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
    [2011/12/11 00:19:06 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
    [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    [2011/12/11 00:53:37 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
    [2011/02/26 19:38:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/28 20:38:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/12/10 21:27:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\FastPics.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/06 07:15:41 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Cookies\desktop.ini
    [2011/12/12 17:48:32 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 03:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 03:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 03:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 03:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 03:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 09:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 03:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 03:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 03:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 03:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 03:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
  5. Halfday24 Newcomer, in training

    OTL Extras logfile created on: 12/12/2011 5:51:02 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lorrie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.40% Memory free
    3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.54% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 133.04 Gb Total Space | 110.52 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
    Drive D: | 16.00 Gb Total Space | 10.69 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

    Computer Name: PH10-22-2009 | User Name: Lorrie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
    "C:\windows\system32\lxdncoms.exe" = C:\windows\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
    "C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:printer Status Window Interface -- ()
    "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:printer Device Monitor -- ()
    "C:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
    "{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
    "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Digital Editions" = Adobe Digital Editions
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HitmanPro35" = Hitman Pro 3.5
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "Lexmark 2600 Series" = Lexmark 2600 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MSC" = McAfee AntiVirus Plus
    "PDF Complete" = PDF Complete Special Edition
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "TomTom HOME" = TomTom HOME 2.7.3.1894
    "Winmail Opener" = Winmail Opener 1.4
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.6'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:34 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:34 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17207
    Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
    creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
    Diagnose and correct the operating system error, and retry the operation.

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17204
    Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
    denied.).

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17207
    Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
    creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
    Diagnose and correct the operating system error, and retry the operation.

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17204
    Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
    denied.).

    [ OSession Events ]
    Error - 3/31/2010 4:15:41 AM | Computer Name = PH10-22-2009 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18100
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
    error 3417 (0xD59).

    Error - 12/12/2011 9:38:16 AM | Computer Name = PH10-22-2009 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x800706ba: Microsoft SQL Server 2005 Express Edition Service Pack 4
    (KB2463332).

    Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
    error 3417 (0xD59).

    Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
    error 3417 (0xD59).


    < End of report >
  6. Broni Malware Annihilator

    Any current issues?
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      [2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
      [2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
      [2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
      [2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
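As an added example (not code from the thread, from TechSpot or from OTL itself), the script below parses the OTL-style entries pasted in the fix above, flags the file entries that share the pattern the fix targets, and emits a fix script in the same `:OTL` / `:Reg` / `:Commands` syntax the post uses. The sample input is the O16 line and the four file lines copied from the posted fix, plus one constructed benign control line modelled on the OTL.exe process entry at the top of the log. The selection heuristics (hidden+system attributes, a random-looking extension-less name, no company name, and an identical copy mirrored under All Users\Application Data) are this example's own assumptions about why those entries were chosen; the thread does not state the reasoning and OTL does not expose it. All function names are this example's own.

```python
"""Parse OTL-style log entries, flag the pattern behind the posted fix, and
emit an OTL fix script in the syntax used in the thread.

Added example, not code from the thread, from TechSpot or from OTL itself.
The heuristics below are this example's own assumptions.
"""
import re
from collections import defaultdict

# Sample input: the O16 line and four file lines copied from the fix posted
# in the thread, plus one constructed benign control line modelled on the
# OTL.exe process entry at the top of the log.
SAMPLE_LOG = r"""
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
[2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
[2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
[2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
[2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
[2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
"""

# Security Center per-product monitoring values deleted by the posted :Reg section.
REG_DELETES = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus": ["DisableMonitoring"],
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall": ["DisableMonitoring"],
}

# File entry layout: [mtime | size | attrs | M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# ActiveX download entry: O16 - DPF: {CLSID} url (optional note)
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} (?P<url>\S+)(?: \((?P<note>[^)]*)\))?$")


def parse_entries(text):
    """Return one dict per recognised line (kind 'file' or 'o16'); other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append({"kind": "file", "line": line, "mtime": m["mtime"],
                            "size": int(m["size"].replace(",", "")), "attrs": m["attrs"],
                            "company": m["company"], "path": m["path"],
                            "name": m["path"].rsplit("\\", 1)[-1]})
            continue
        m = O16_RE.match(line)
        if m:
            entries.append({"kind": "o16", "line": line, "url": m["url"], "note": m["note"] or ""})
    return entries


def looks_random(name):
    """Assumed heuristic: extension-less lower-case alphanumeric name of 10+
    characters containing at least three digits and three letters."""
    if not re.fullmatch(r"[a-z0-9]{10,}", name):
        return False
    digits = sum(c.isdigit() for c in name)
    return digits >= 3 and len(name) - digits >= 3


def flag_suspicious(entries):
    """File entries scoring at least two of: hidden+system attributes,
    random-looking name, no company name. A twin with the same name, size and
    mtime under All Users\\Application Data is recorded as extra evidence."""
    twins = defaultdict(list)
    for e in entries:
        if e["kind"] == "file":
            twins[(e["name"], e["size"], e["mtime"])].append(e["path"].lower())
    flagged = []
    for e in entries:
        if e["kind"] != "file":
            continue
        reasons = []
        if "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden+system attributes")
        if looks_random(e["name"]):
            reasons.append("random-looking extension-less name")
        if not e["company"]:
            reasons.append("no company name")
        if len(reasons) < 2:
            continue
        siblings = twins[(e["name"], e["size"], e["mtime"])]
        if len(siblings) > 1 and any("\\all users\\application data\\" in p for p in siblings):
            reasons.append("identical copy mirrored in All Users\\Application Data")
        flagged.append({**e, "reasons": reasons})
    return flagged


def build_fix_script(flagged, o16_entries, reg_deletes, commands):
    """Emit the fix in the syntax shown in the thread: log lines copied verbatim
    under :OTL, a bracketed key followed by '"Value" =-' under :Reg to delete a
    value, and bracketed directives under :Commands."""
    out = [":OTL"] + [e["line"] for e in o16_entries] + [e["line"] for e in flagged]
    out += ["", ":Reg"]
    for key, values in reg_deletes.items():
        out.append(f"[{key}]")
        out += [f'"{v}" =-' for v in values]
    out += ["", ":Commands"] + [f"[{c}]" for c in commands]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    hits = flag_suspicious(found)
    for h in hits:
        print(h["path"], "->", "; ".join(h["reasons"]))
    print(build_fix_script(hits, [e for e in found if e["kind"] == "o16"],
                           REG_DELETES, ["purity", "emptytemp", "emptyflash", "Reboot"]))
```

Run as-is it prints the four flagged paths with their reasons (the OTL.exe control line scores nothing and is left alone) and the generated fix; pointing `parse_entries` at a full OTL.txt triages a whole log the same way. The heuristics are deliberately narrow, and every entry they surface should still be checked by hand before it goes into a fix that moves files.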
  7. Halfday24 Newcomer, in training

    McAfee alert: "Potentially Unwanted Program Blocked". Name: Tool-NirCmd It was quarantined from C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B4513DA5B5D}\RP699\A0032668.exe
    I have the option to Remove, Allow or Close.
    What should I do with this?
  8. Halfday24 Newcomer, in training

    When I have AOL open, and I open a message to read it, I get a pop up that says:
    Data Execution Prevention-Microsoft Windows
    To help protect your computer, Windows has closed this program.
    Internet Explorer.
    It closes AOL (but keeps the tab open that I'm using for Techspot).
  9. Halfday24 Newcomer, in training

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy moved successfully.
    C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy moved successfully.
    C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437 moved successfully.
    C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437 moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Lorrie
    ->Temp folder emptied: 743827 bytes
    ->Temporary Internet Files folder emptied: 17148903 bytes
    ->Java cache emptied: 33555 bytes
    ->Google Chrome cache emptied: 24134347 bytes
    ->Flash cache emptied: 456 bytes

    User: Master
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 9732230 bytes
    ->Java cache emptied: 45408 bytes
    ->Flash cache emptied: 50380 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 50.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Lorrie
    ->Flash cache emptied: 0 bytes

    User: Master
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12122011_194146

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  10. Halfday24 Newcomer, in training

    I'm trying to download the security check app, but it stalls out halfway through loading the page. It appears Internet Explorer is having issues. I've tried turning off McAfee Anti-virus and Firewall.
    Any suggestions?
  11. Broni Malware Annihilator

  12. Halfday24 Newcomer, in training

    Thank you! Got it. Here is the log. I will run the other scans now.

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee AntiVirus Plus
    McAfee Virtual Technician
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    mcafee VIRUSS~1 mcvsshld.exe
    ``````````End of Log````````````
  13. Broni Malware Annihilator

    Cool :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
  14. Halfday24 Newcomer, in training

    I updated Java, and uninstalled the older versions. I then ran the ESET online virus scan. This is that log.

    C:\Qoobox\Quarantine\C\windows\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.GG trojan cleaned by deleting - quarantined

    Do I need to uninstall the ESET so it doesn't interfere with the McAfee?
    What is my next step? I haven't tried Google search yet. I'm waiting for your direction.
  15. Broni Malware Annihilator

    You can uninstall Eset.

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  16. Halfday24 Newcomer, in training

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Lorrie
    ->Temp folder emptied: 142506 bytes
    ->Temporary Internet Files folder emptied: 16542435 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 991 bytes

    User: Master
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 16.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Lorrie
    ->Flash cache emptied: 0 bytes

    User: Master
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12132011_000310

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  17. Halfday24 Newcomer, in training

    When I go into my System Restore, there aren't any restore points. Should I create one now? Also, I keep getting a pop-up for jusched.exe has encountered a problem and needs to close. We are sorry for the inconvenience. Is that the java updater? What do I do about that?
  18. Halfday24 Newcomer, in training

    It looks like things are working correctly. Thank you so much for your assistance. I will let you know if I encounter any other odd behaviors.
  19. Broni Malware Annihilator