TechSpot

XP Antivirus 2012 malware and Google Redirect

By Halfday24
Dec 11, 2011
  1. Hello:
    I am running Windows XP Pro SP3.
    I have acquired some malware that I would appreciate your assistance removing from my computer. I ran the Malwarebytes, GMER, and DDS apps and will include the logs below. However, I believe the Malwarebytes log does not show the fake alert. The first time I ran it, I was able to remove it; however, it's back, and now I am not able to run Malwarebytes.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8351

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/11/2011 1:41:03 PM
    mbam-log-2011-12-11 (13-41-03).txt

    Scan type: Quick scan
    Objects scanned: 208925
    Time elapsed: 9 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-11 14:28:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160318AS rev.HP34
    Running: se77ficd.exe; Driver: C:\DOCUME~1\Lorrie\LOCALS~1\Temp\kfddyfog.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EAA4C0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EAA4D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EAA500]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAA556]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EAA4AC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAA484]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAA498]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAA4EA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAA52C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EAA516]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAA580]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAA56C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAA540]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/26/2009 7:19:30 PM
    System Uptime: 12/11/2011 1:21:42 PM (0 hours ago)

    Motherboard: PEGATRON CORPORATION | | 2A73h
    Processor: Intel Pentium III Xeon processor | CPU 1 | 2933/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 133 GiB total, 109.951 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 10.692 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP605: 9/13/2011 3:00:16 AM - Software Distribution Service 3.0
    RP606: 9/14/2011 3:00:17 AM - Software Distribution Service 3.0
    RP607: 9/15/2011 3:49:22 AM - System Checkpoint
    RP608: 9/16/2011 3:00:17 AM - Software Distribution Service 3.0
    RP609: 9/17/2011 4:00:07 AM - System Checkpoint
    RP610: 9/18/2011 3:00:14 AM - Software Distribution Service 3.0
    RP611: 9/19/2011 3:00:14 AM - Software Distribution Service 3.0
    RP612: 9/20/2011 3:00:14 AM - Software Distribution Service 3.0
    RP613: 9/21/2011 3:00:14 AM - Software Distribution Service 3.0
    RP614: 9/22/2011 3:00:14 AM - Software Distribution Service 3.0
    RP615: 9/23/2011 3:00:14 AM - Software Distribution Service 3.0
    RP616: 9/23/2011 1:46:39 PM - Software Distribution Service 3.0
    RP617: 9/25/2011 11:32:01 PM - System Checkpoint
    RP618: 9/26/2011 3:00:14 AM - Software Distribution Service 3.0
    RP619: 9/27/2011 3:00:14 AM - Software Distribution Service 3.0
    RP620: 9/28/2011 3:00:15 AM - Software Distribution Service 3.0
    RP621: 9/29/2011 3:00:15 AM - Software Distribution Service 3.0
    RP622: 9/30/2011 3:00:14 AM - Software Distribution Service 3.0
    RP623: 10/1/2011 3:00:14 AM - Software Distribution Service 3.0
    RP624: 10/2/2011 3:00:14 AM - Software Distribution Service 3.0
    RP625: 10/3/2011 3:00:14 AM - Software Distribution Service 3.0
    RP626: 10/4/2011 3:00:14 AM - Software Distribution Service 3.0
    RP627: 10/5/2011 3:00:14 AM - Software Distribution Service 3.0
    RP628: 10/6/2011 3:00:14 AM - Software Distribution Service 3.0
    RP629: 10/7/2011 3:00:14 AM - Software Distribution Service 3.0
    RP630: 10/8/2011 3:00:14 AM - Software Distribution Service 3.0
    RP631: 10/9/2011 3:00:14 AM - Software Distribution Service 3.0
    RP632: 10/10/2011 3:00:14 AM - Software Distribution Service 3.0
    RP633: 10/11/2011 3:00:14 AM - Software Distribution Service 3.0
    RP634: 10/12/2011 3:00:14 AM - Software Distribution Service 3.0
    RP635: 10/13/2011 3:47:52 AM - System Checkpoint
    RP636: 10/13/2011 3:03:29 PM - Software Distribution Service 3.0
    RP637: 10/14/2011 3:17:22 PM - System Checkpoint
    RP638: 10/15/2011 3:51:10 PM - System Checkpoint
    RP639: 10/16/2011 3:00:14 AM - Software Distribution Service 3.0
    RP640: 10/17/2011 3:00:14 AM - Software Distribution Service 3.0
    RP641: 10/18/2011 3:00:14 AM - Software Distribution Service 3.0
    RP642: 10/19/2011 3:00:14 AM - Software Distribution Service 3.0
    RP643: 10/20/2011 3:00:14 AM - Software Distribution Service 3.0
    RP644: 10/21/2011 3:00:14 AM - Software Distribution Service 3.0
    RP645: 10/22/2011 3:00:14 AM - Software Distribution Service 3.0
    RP646: 10/23/2011 3:00:14 AM - Software Distribution Service 3.0
    RP647: 10/24/2011 3:00:14 AM - Software Distribution Service 3.0
    RP648: 10/25/2011 3:00:14 AM - Software Distribution Service 3.0
    RP649: 10/26/2011 3:00:15 AM - Software Distribution Service 3.0
    RP650: 10/27/2011 3:00:14 AM - Software Distribution Service 3.0
    RP651: 10/28/2011 3:00:14 AM - Software Distribution Service 3.0
    RP652: 10/29/2011 3:00:14 AM - Software Distribution Service 3.0
    RP653: 10/30/2011 3:00:14 AM - Software Distribution Service 3.0
    RP654: 10/31/2011 3:00:14 AM - Software Distribution Service 3.0
    RP655: 11/1/2011 3:00:15 AM - Software Distribution Service 3.0
    RP656: 11/2/2011 3:00:14 AM - Software Distribution Service 3.0
    RP657: 11/3/2011 3:00:14 AM - Software Distribution Service 3.0
    RP658: 11/4/2011 3:00:14 AM - Software Distribution Service 3.0
    RP659: 11/5/2011 3:00:14 AM - Software Distribution Service 3.0
    RP660: 11/6/2011 2:00:14 AM - Software Distribution Service 3.0
    RP661: 11/6/2011 3:00:14 AM - Software Distribution Service 3.0
    RP662: 11/7/2011 3:00:14 AM - Software Distribution Service 3.0
    RP663: 11/8/2011 3:00:18 AM - Software Distribution Service 3.0
    RP664: 11/9/2011 3:00:14 AM - Software Distribution Service 3.0
    RP665: 11/10/2011 3:31:09 AM - System Checkpoint
    RP666: 11/11/2011 3:00:13 AM - Software Distribution Service 3.0
    RP667: 11/12/2011 3:00:17 AM - Software Distribution Service 3.0
    RP668: 11/13/2011 3:00:15 AM - Software Distribution Service 3.0
    RP669: 11/14/2011 3:00:14 AM - Software Distribution Service 3.0
    RP670: 11/15/2011 3:00:14 AM - Software Distribution Service 3.0
    RP671: 11/16/2011 3:00:14 AM - Software Distribution Service 3.0
    RP672: 11/17/2011 3:00:13 AM - Software Distribution Service 3.0
    RP673: 11/18/2011 3:00:14 AM - Software Distribution Service 3.0
    RP674: 11/19/2011 3:00:14 AM - Software Distribution Service 3.0
    RP675: 11/20/2011 3:00:14 AM - Software Distribution Service 3.0
    RP676: 11/21/2011 3:00:13 AM - Software Distribution Service 3.0
    RP677: 11/22/2011 3:00:13 AM - Software Distribution Service 3.0
    RP678: 11/23/2011 3:00:14 AM - Software Distribution Service 3.0
    RP679: 11/24/2011 3:00:14 AM - Software Distribution Service 3.0
    RP680: 11/25/2011 3:00:15 AM - Software Distribution Service 3.0
    RP681: 11/26/2011 3:00:14 AM - Software Distribution Service 3.0
    RP682: 11/27/2011 3:00:14 AM - Software Distribution Service 3.0
    RP683: 11/28/2011 3:00:14 AM - Software Distribution Service 3.0
    RP684: 11/29/2011 3:00:14 AM - Software Distribution Service 3.0
    RP685: 11/30/2011 3:00:15 AM - Software Distribution Service 3.0
    RP686: 12/1/2011 3:00:14 AM - Software Distribution Service 3.0
    RP687: 12/2/2011 3:00:16 AM - Software Distribution Service 3.0
    RP688: 12/3/2011 3:00:15 AM - Software Distribution Service 3.0
    RP689: 12/4/2011 3:00:14 AM - Software Distribution Service 3.0
    RP690: 12/5/2011 3:00:14 AM - Software Distribution Service 3.0
    RP691: 12/6/2011 3:22:42 AM - System Checkpoint
    RP692: 12/7/2011 3:00:15 AM - Software Distribution Service 3.0
    RP693: 12/8/2011 3:00:14 AM - Software Distribution Service 3.0
    RP694: 12/9/2011 3:00:15 AM - Software Distribution Service 3.0
    RP695: 12/10/2011 3:00:15 AM - Software Distribution Service 3.0
    RP696: 12/10/2011 8:43:44 PM - Restore Operation
    RP697: 12/10/2011 8:47:29 PM - Software Distribution Service 3.0
    RP698: 12/11/2011 3:00:23 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Software Update
    Google Chrome
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952117-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958756)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Backup and Recovery Manager
    HP Help and Support
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD 8
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Lexmark 2600 Series
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee AntiVirus Plus
    McAfee Virtual Technician
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    PDF Complete Special Edition
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spelling Dictionaries Support For Adobe Reader 9
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Presentation Foundation
    Winmail Opener 1.4
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/11/2011 2:06:40 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/11/2011 12:21:27 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/10/2011 8:50:34 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
    12/10/2011 11:42:51 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).
    12/10/2011 11:42:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
    12/10/2011 11:42:51 PM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/10/2011 11:42:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Lorrie at 13:26:29.71 on Sun 12/11/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1315 [GMT -6:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\WINDOWS\system32\lxdncoms.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\Lorrie\Desktop\Malware downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.aol.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //eml:c:\documents and settings\lorrie\local settings\temporary internet files\content.ie5\noyjvooy\A_small_request_by_Friday[1].eml
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111109160617.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\lorrie\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [Recguard] c:\windows\sminst\Recguard.exe
    mRun: [Reminder] c:\windows\creator\Remind_XP.exe
    mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-22 464176]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-22 89792]
    R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [2007-1-24 80128]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-3 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-22 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-22 214904]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-22 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-22 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-22 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-22 150856]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-10-7 635416]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-22 57600]
    R3 MfeAVFK;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-22 180816]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-22 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-22 83856]
    R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2007-1-24 21888]
    R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [2007-1-24 5888]
    R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2007-1-24 70784]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-10-26 20160]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MfeBOPK;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-22 59456]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-22 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-22 87656]

    =============== Created Last 30 ================

    2011-12-11 07:04:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-12-11 06:20:58 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-12-11 06:20:57 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-12-11 06:19:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2011-12-11 03:46:49 -------- d-----w- C:\LORRIE TEMP BAD
    2011-12-11 02:44:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-12-11 02:44:35 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-13 01:32:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

    ============= FINISH: 13:27:04.12 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Halfday24

    Halfday24 TS Rookie Topic Starter Posts: 51

    Hello. I downloaded aswMBR, and when I click on it to run, I get an "Open With" window. When I right click on the icon, on the properties tab, at the bottom there is a security notation that says, "This file came from another computer and might be blocked to help protect this computer." There is a button to unblock. Should I do that? If not, how do I get the app to run?
     
  4. Broni

    Yes.
     
  5. Halfday24

    I clicked on the unblock button, and applied it. The app still will not run. Double click results in the "Open With" window opening.
     
  6. Broni

    Run this instead....

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. Halfday24

    I downloaded it, and when I click on it to run, it too opens up the "Open With" window. It appears that something is blocking my ability to run an exe file.
     
  8. Broni

    Download and run exeHelper.

    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     
  9. Halfday24

    When I try to download the exeHelper, my McAfee Site Advisor warns that it may be dangerous. However, I continued anyhow. It downloads 99% and then gives a message that says "Error copying file or Folder. Cannot copy exeHelper[1]: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."
     
  10. Broni

    Disable McAfee antivirus and download again.
     
  11. Halfday24

    I have a McAfee message indicating a risky connection blocked. It's blocking a ping command.
    I now get a message that says McAfee has blocked the exehelper file because it contains a Trojan.
     
  12. Broni

    Read my previous reply.
    McAfee is stupidly oversensitive.
     
  13. Halfday24

    exeHelper by Raktor
    Build 20100414
    Run at 23:50:01 on 12/11/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
  14. Halfday24

    What do you want me to try to run first?
     
  15. Broni

    Try aswMBR again.
    If that doesn't work then go for Bootkit Remover.
    Then Combofix.
     
  16. Halfday24

    I'm running aswMBR now. How long will that run for? It's been going for about 30 minutes already. And it seems to be stalled on Scanning: C:\Documents and Settings\All users\Application data\Adobe\ARM\Reader_... I can't read the rest of the line. If the screen saver kicks in, will that kill the application? Every once in a while I get a single "donk". The hard drive is clicking away. McAfee is activated. Does that need to be disabled while this runs? I have several lines highlighted in red.
     
  17. Halfday24

    My computer appears to be hung up now. The mouse isn't responding to movement.
     
  18. Halfday24

    I had to restart the computer. I turned off the screen saver, and let it run. Here is the log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-12 01:28:13
    -----------------------------
    01:28:13.562 OS Version: Windows 5.1.2600 Service Pack 3
    01:28:13.562 Number of processors: 2 586 0x170A
    01:28:13.562 ComputerName: PH10-22-2009 UserName: Lorrie
    01:28:16.000 Initialize success
    01:28:23.515 AVAST engine defs: 11121102
    01:28:57.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    01:28:57.390 Disk 0 Vendor: ST3160318AS HP34 Size: 152627MB BusType: 3
    01:28:59.406 Disk 0 MBR read successfully
    01:28:59.406 Disk 0 MBR scan
    01:28:59.453 Disk 0 unknown MBR code
    01:28:59.453 Disk 0 scanning sectors +312576000
    01:28:59.515 Disk 0 scanning C:\WINDOWS\system32\drivers
    01:29:09.687 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    01:29:14.484 Service scanning
    01:29:15.562 Modules scanning
    01:29:18.828 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
    01:29:20.296 Disk 0 trace - called modules:
    01:29:20.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ce5f10]<<
    01:29:20.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc7ab8]
    01:29:20.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89406030]
    01:29:20.312 \Driver\00000449[0x88d6c270] -> IRP_MJ_CREATE -> 0x88ce5f10
    01:29:20.734 AVAST engine scan C:\WINDOWS
    01:29:35.062 AVAST engine scan C:\WINDOWS\system32
    01:32:34.546 AVAST engine scan C:\WINDOWS\system32\drivers
    01:32:42.218 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    01:32:48.562 AVAST engine scan C:\Documents and Settings\Lorrie
    01:39:09.375 AVAST engine scan C:\Documents and Settings\All Users
    02:42:29.859 Scan finished successfully
    06:59:05.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\MBR.dat"
    06:59:05.937 The log file has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\aswMBR.txt"
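
A triage pass over the aswMBR log above, as an added example that is not part of the original thread: it collapses repeated verdicts per file (case-insensitively, since the same driver is reported under both `drivers` and `DRIVERS`), picks out a file that is both detected on disk and flagged as a loaded module, and matches the `>>UNKNOWN` address in the disk trace against driver dispatch targets. The function names and report keys are assumptions of this example; the sample lines are copied from the log.

```python
import re
from collections import defaultdict

# Lines copied from the aswMBR log posted above, trimmed to the relevant ones.
SAMPLE_LOG = r"""
01:28:59.406 Disk 0 MBR scan
01:28:59.453 Disk 0 unknown MBR code
01:29:09.687 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:29:18.828 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
01:29:20.296 Disk 0 trace - called modules:
01:29:20.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ce5f10]<<
01:29:20.312 \Driver\00000449[0x88d6c270] -> IRP_MJ_CREATE -> 0x88ce5f10
01:32:42.218 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:39:09.375 AVAST engine scan C:\Documents and Settings\All Users
02:42:29.859 Scan finished successfully
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
VERDICT = re.compile(r"^(File|Module):\s+(.+?)\s+\*\*(INFECTED|SUSPICIOUS)\*\*\s*(.*)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9a-fA-F]+)$"
)


def parse_aswmbr(text):
    """Turn raw log text into a list of finding dicts, one per notable line."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        ts, msg = m.groups()
        verdict = VERDICT.match(msg)
        unknown = UNKNOWN.search(msg)
        dispatch = DISPATCH.match(msg)
        if verdict:
            source, path, kind, name = verdict.groups()
            findings.append({"time": ts, "kind": kind, "source": source,
                             "path": path, "detection": name.strip() or None})
        elif "unknown MBR code" in msg:
            # Only says the boot code is not one the tool recognises: a review flag.
            findings.append({"time": ts, "kind": "UNKNOWN_MBR"})
        elif unknown:
            findings.append({"time": ts, "kind": "UNKNOWN_MODULE",
                             "address": unknown.group(1).lower()})
        elif dispatch:
            findings.append({"time": ts, "kind": "DISPATCH",
                             "driver": dispatch.group(1), "irp": dispatch.group(2),
                             "address": dispatch.group(3).lower()})
    return findings


def triage(findings):
    """Correlate findings into a short report a responder can act on."""
    files = defaultdict(lambda: {"seen_as": set(), "detections": set(), "hits": 0})
    for f in findings:
        if f["kind"] in ("INFECTED", "SUSPICIOUS"):
            entry = files[f["path"].lower()]  # Windows paths are case-insensitive
            entry["seen_as"].add((f["source"], f["kind"]))
            entry["hits"] += 1
            if f["detection"]:
                entry["detections"].add(f["detection"])

    # Addresses in the disk I/O chain that the tool could not attribute to a module.
    unknown = {f["address"] for f in findings if f["kind"] == "UNKNOWN_MODULE"}

    return {
        "files": {
            path: {"seen_as": sorted(e["seen_as"]),
                   "detections": sorted(e["detections"]),
                   "hits": e["hits"]}
            for path, e in files.items()
        },
        # Detected on disk AND flagged as a loaded module: the driver is live,
        # so cleaning has to happen outside the running system or with a
        # tool that can replace the file at boot.
        "loaded_and_infected": sorted(
            path for path, e in files.items()
            if ("File", "INFECTED") in e["seen_as"]
            and any(src == "Module" for src, _ in e["seen_as"])
        ),
        "unknown_mbr": any(f["kind"] == "UNKNOWN_MBR" for f in findings),
        # Dispatch routines that point at one of the unattributed addresses.
        "unattributed_dispatch": [
            (f["driver"], f["irp"], f["address"])
            for f in findings
            if f["kind"] == "DISPATCH" and f["address"] in unknown
        ],
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(parse_aswmbr(SAMPLE_LOG)))
```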
     
  19. Halfday24

    Results of aswMBR:
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-12 01:28:13
    -----------------------------
    01:28:13.562 OS Version: Windows 5.1.2600 Service Pack 3
    01:28:13.562 Number of processors: 2 586 0x170A
    01:28:13.562 ComputerName: PH10-22-2009 UserName: Lorrie
    01:28:16.000 Initialize success
    01:28:23.515 AVAST engine defs: 11121102
    01:28:57.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    01:28:57.390 Disk 0 Vendor: ST3160318AS HP34 Size: 152627MB BusType: 3
    01:28:59.406 Disk 0 MBR read successfully
    01:28:59.406 Disk 0 MBR scan
    01:28:59.453 Disk 0 unknown MBR code
    01:28:59.453 Disk 0 scanning sectors +312576000
    01:28:59.515 Disk 0 scanning C:\WINDOWS\system32\drivers
    01:29:09.687 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    01:29:14.484 Service scanning
    01:29:15.562 Modules scanning
    01:29:18.828 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
    01:29:20.296 Disk 0 trace - called modules:
    01:29:20.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ce5f10]<<
    01:29:20.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc7ab8]
    01:29:20.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89406030]
    01:29:20.312 \Driver\00000449[0x88d6c270] -> IRP_MJ_CREATE -> 0x88ce5f10
    01:29:20.734 AVAST engine scan C:\WINDOWS
    01:29:35.062 AVAST engine scan C:\WINDOWS\system32
    01:32:34.546 AVAST engine scan C:\WINDOWS\system32\drivers
    01:32:42.218 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    01:32:48.562 AVAST engine scan C:\Documents and Settings\Lorrie
    01:39:09.375 AVAST engine scan C:\Documents and Settings\All Users
    02:42:29.859 Scan finished successfully
    06:59:05.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\MBR.dat"
    06:59:05.937 The log file has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\aswMBR.txt"


    Results of ComboFix:
    ComboFix 11-12-12.01 - Lorrie 12/12/2011 7:34.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1647 [GMT -6:00]
    Running from: c:\documents and settings\Lorrie\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB35734$
    c:\windows\$NtUninstallKB35734$\1455434601
    c:\windows\$NtUninstallKB35734$\3580255984\@
    c:\windows\$NtUninstallKB35734$\3580255984\bckfg.tmp
    c:\windows\$NtUninstallKB35734$\3580255984\cfg.ini
    c:\windows\$NtUninstallKB35734$\3580255984\Desktop.ini
    c:\windows\$NtUninstallKB35734$\3580255984\keywords
    c:\windows\$NtUninstallKB35734$\3580255984\kwrd.dll
    c:\windows\$NtUninstallKB35734$\3580255984\L\ktrspibc
    c:\windows\$NtUninstallKB35734$\3580255984\lsflt7.ver
    c:\windows\$NtUninstallKB35734$\3580255984\U\00000001.@
    c:\windows\$NtUninstallKB35734$\3580255984\U\00000002.@
    c:\windows\$NtUninstallKB35734$\3580255984\U\00000004.@
    c:\windows\$NtUninstallKB35734$\3580255984\U\80000000.@
    c:\windows\$NtUninstallKB35734$\3580255984\U\80000004.@
    c:\windows\$NtUninstallKB35734$\3580255984\U\80000032.@
    .
    Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-12 13:48 . 2011-12-12 13:48 118784 ----a-w- c:\windows\system32\chg.exe
    2011-12-12 13:26 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-12-11 07:04 . 2011-12-11 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-12-11 06:20 . 2011-12-11 07:56 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-12-11 06:20 . 2011-12-11 06:20 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-12-11 06:19 . 2011-12-11 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-12-11 03:46 . 2011-12-11 06:38 -------- d-----w- C:\LORRIE TEMP BAD
    2011-12-11 03:27 . 2011-12-11 03:27 -------- d-----w- c:\documents and settings\Master
    2011-12-11 02:44 . 2011-12-11 02:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-11 02:18 . 2011-12-11 02:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 20:32 . 2010-12-22 11:52 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-15 19:16 . 2010-12-22 11:52 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 19:16 . 2010-12-22 11:52 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 19:16 . 2010-12-22 11:52 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 19:16 . 2010-12-22 11:52 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 19:16 . 2010-12-22 11:52 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 19:16 . 2010-12-22 11:52 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 19:16 . 2010-12-22 11:52 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 19:16 . 2010-12-22 11:52 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 19:16 . 2010-12-22 11:52 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 19:16 . 2010-12-22 11:52 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-13 01:32 . 2011-07-08 00:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
    "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
    "EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\windows\\system32\\lxdncoms.exe"=
    "c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
    "c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
    "c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/22/2010 5:52 AM 89792]
    R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 12:28 PM 80128]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/3/2010 9:58 PM 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/22/2010 5:51 AM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/22/2010 5:51 AM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/22/2010 5:52 AM 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/22/2010 5:52 AM 150856]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/7/2009 8:40 PM 635416]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/22/2010 5:52 AM 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/22/2010 5:52 AM 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/22/2010 5:52 AM 83856]
    R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 12:28 PM 21888]
    R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 12:28 PM 5888]
    R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 12:28 PM 70784]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2/27/2008 5:07 PM 98984]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/26/2009 9:43 PM 20160]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/22/2010 5:52 AM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/22/2010 5:52 AM 87656]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009Core.job
    - c:\documents and settings\Lorrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-22 21:27]
    .
    2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009UA.job
    - c:\documents and settings\Lorrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-22 21:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.aol.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //eml:c:\documents and settings\Lorrie\Local Settings\Temporary Internet Files\Content.IE5\NOYJVOOY\A_small_request_by_Friday[1].eml
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-12 07:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3080)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\windows\system32\lxdncoms.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\igfxsrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-12 08:00:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-12 14:00
    .
    Pre-Run: 117,031,534,592 bytes free
    Post-Run: 118,651,691,008 bytes free
    .
    - - End Of File - - A2D138A51A88D6C6CD3FB785E048A2FC
     
  20. Broni

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. Halfday24

    Halfday24 TS Rookie Topic Starter Posts: 51

    I'm glad to hear it's looking better. I don't have access to the computer right now, but will be able to run the OTL app in about 5 hours. I will post the logs for you to review when I finish.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    No problem :)
     
  23. Halfday24

    Halfday24 TS Rookie Topic Starter Posts: 51

    OTL logfile created on: 12/12/2011 5:51:02 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lorrie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.40% Memory free
    3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.54% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 133.04 Gb Total Space | 110.52 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
    Drive D: | 16.00 Gb Total Space | 10.69 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

    Computer Name: PH10-22-2009 | User Name: Lorrie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\mfevtps.exe
    PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2009/06/18 10:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
    PRC - [2008/03/27 09:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
    PRC - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    PRC - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) -- C:\windows\system32\lxdncoms.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/07/10 11:53:08 | 000,872,448 | ---- | M] () -- C:\windows\SMINST\Scheduler.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    MOD - [2008/03/14 23:34:14 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndrs.dll
    MOD - [2008/03/14 23:33:42 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnscw.dll
    MOD - [2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- C:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    MOD - [2007/11/20 18:02:39 | 000,782,336 | ---- | M] () -- C:\windows\system32\lxdndrs.dll
    MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- C:\windows\system32\lxdncaps.dll
    MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncaps.dll
    MOD - [2007/10/12 20:24:46 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\iptk.dll
    MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- C:\windows\system32\lxdncnv4.dll
    MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
    MOD - [2007/05/29 09:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndatr.dll
    MOD - [2006/07/10 11:53:08 | 000,872,448 | ---- | M] () -- C:\windows\SMINST\Scheduler.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\windows\system32\mfevtps.exe -- (mfevtp)
    SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2009/06/18 10:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
    SRV - [2008/02/27 17:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfeavfk.sys -- (MfeAVFK)
    DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\windows\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfebopk.sys -- (MfeBOPK)
    DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2009/06/11 17:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/04/13 19:04:34 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2008/04/13 19:04:32 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2008/04/13 19:04:30 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2008/04/13 19:04:30 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2008/04/13 19:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2008/04/13 19:04:30 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2008/04/13 19:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2008/04/13 19:04:30 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2008/04/13 19:04:28 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2008/04/13 19:04:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2008/04/13 19:04:28 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2008/04/13 19:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2008/04/13 19:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2008/04/13 19:04:28 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2008/04/13 19:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2008/01/04 00:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/11/06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\windows\system32\drivers\regi.sys -- (regi)
    DRV - [2007/01/24 12:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | System | Running] -- C:\windows\system32\drivers\oxpar.sys -- (oxpar)
    DRV - [2007/01/24 12:28:00 | 000,070,784 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxser.sys -- (oxser)
    DRV - [2007/01/24 12:28:00 | 000,021,888 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxmf.sys -- (oxmf)
    DRV - [2007/01/24 12:28:00 | 000,005,888 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxmfuf.sys -- (Oxmfuf)
    DRV - [2002/04/04 08:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
    DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ADM8511.SYS -- (ADM8511)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.aol.com/
    IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/"

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 16:11:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/12 17:44:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\

    [2011/02/28 21:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lorrie\Application Data\Mozilla\Firefox\Profiles\i6dq6qdt.default\extensions
    [2011/02/28 21:52:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lorrie\Application Data\Mozilla\Firefox\Profiles\i6dq6qdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DANISH@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DE-DE-COMB@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\EN-AU@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-AR@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-ES@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FI@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR-FR@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\IT-IT@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DA@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DE@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-EN-GB@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-AR@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-ES@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FI@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FR@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-HU@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-IT@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-JA@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-KO@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-NL@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PL@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PT-PT@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-RU@FIREFOX.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\NL-NL@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PL@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PT-PT@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\RU@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\SL@DICTIONARIES.ADDONS.MOZILLA.ORG

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gears.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: SiteAdvisor = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
    CHR - Extension: Poppit = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2011/12/12 07:58:19 | 000,000,027 | ---- | M]) - C:\windows\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111109160617.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [Recguard] C:\windows\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\windows\CREATOR\Remind_XP.exe ()
    O4 - HKLM..\Run: [Scheduler] C:\windows\SMINST\Scheduler.exe ()
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{796C7FDE-68DC-4BE8-A52E-A4488C5916E8}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\windows\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\windows\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\windows\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/12 17:48:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    [2011/12/12 17:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/12/12 08:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/12 07:23:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/12 07:23:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/12 07:23:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/12 07:23:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/12 07:23:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/12 07:23:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lorrie\My Documents\My Videos
    [2011/12/12 07:23:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lorrie\Start Menu\Programs\Administrative Tools
    [2011/12/12 07:03:48 | 004,336,613 | R--- | C] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
    [2011/12/11 23:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover
    [2011/12/11 22:51:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
    [2011/12/11 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\Malware downloads
    [2011/12/11 01:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/12/11 00:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\New Folder
    [2011/12/11 00:53:24 | 013,474,504 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
    [2011/12/11 00:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
    [2011/12/11 00:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/12/11 00:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/12/11 00:19:06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
    [2011/12/10 22:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/10 21:46:49 | 000,000,000 | ---D | C] -- C:\LORRIE TEMP BAD
    [2011/12/10 20:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/10 20:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/11/30 22:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\My Documents\My Digital Editions
    [2011/11/30 22:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
    [2009/10/26 21:48:59 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
    [2008/02/27 17:07:28 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
    [2008/02/27 17:07:26 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
    [2008/02/27 17:07:23 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
    [2007/11/28 17:19:08 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
    [2007/11/28 17:16:04 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
    [2007/11/28 17:13:37 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
    [2007/11/28 17:13:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
    [2007/11/28 17:13:22 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
    [2007/11/28 17:12:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
    [2007/11/28 17:12:07 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
    [2007/11/28 17:11:47 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
    [2007/11/28 17:10:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
    [2007/11/28 17:09:17 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
     
  24. Halfday24

    Halfday24 TS Rookie Topic Starter Posts: 51

    - OTL.txt continued -


    ========== Files - Modified Within 30 Days ==========

    [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    [2011/12/12 17:43:51 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
    [2011/12/12 17:40:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/12 17:40:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/12 07:58:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/12 07:34:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009UA.job
    [2011/12/12 07:04:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/12 07:03:54 | 004,336,613 | R--- | M] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
    [2011/12/12 06:59:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\MBR.dat
    [2011/12/11 23:26:12 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover.zip
    [2011/12/11 22:52:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
    [2011/12/11 22:34:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009Core.job
    [2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 01:56:04 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/12/11 00:53:37 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
    [2011/12/11 00:47:48 | 000,010,850 | ---- | M] () -- C:\Documents and Settings\Lorrie\My Documents\Hitman log.xml
    [2011/12/11 00:20:58 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2011/12/11 00:19:06 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
    [2011/12/10 22:25:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
    [2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
    [2011/12/07 20:23:42 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Lorrie\My Documents\Default.rdp
    [2011/11/30 22:45:39 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2011/11/25 09:43:52 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\Google Chrome.lnk
    [2011/11/25 09:43:52 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/12 07:23:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/12 07:23:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/12 07:23:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/12 07:23:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/12 07:23:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/12 06:59:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lorrie\Desktop\MBR.dat
    [2011/12/11 23:26:11 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover.zip
    [2011/12/11 19:35:42 | 000,013,332 | -HS- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 19:35:42 | 000,013,332 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
    [2011/12/11 00:47:48 | 000,010,850 | ---- | C] () -- C:\Documents and Settings\Lorrie\My Documents\Hitman log.xml
    [2011/12/11 00:20:58 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/12/11 00:20:58 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2011/12/10 20:20:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/10 20:07:54 | 000,012,816 | -HS- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
    [2011/12/10 20:07:54 | 000,012,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
    [2011/11/30 22:45:39 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
    [2011/11/30 22:45:39 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2011/04/24 00:00:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/28 21:33:28 | 000,000,731 | ---- | C] () -- C:\WINDOWS\System32\McOEMAppRules.dat
    [2010/06/08 20:26:50 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/10/26 21:49:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
    [2009/10/26 21:48:59 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
    [2009/10/26 21:47:25 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
    [2009/10/07 20:50:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/10/07 20:31:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/10/07 20:13:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
    [2009/04/06 09:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/04/06 08:51:50 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/04/06 08:51:50 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/04/06 08:48:38 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/04/06 08:40:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/04/06 08:35:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/02/07 14:13:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
    [2007/11/28 11:51:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
    [2007/11/20 18:02:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
    [2007/11/20 17:44:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
    [2007/10/02 16:51:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
    [2002/05/28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/05/08 12:12:22 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    ========== LOP Check ==========

    [2010/04/07 14:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/28 06:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
    [2010/06/08 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/03/29 12:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
    [2011/12/11 01:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/12/08 00:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
    [2010/03/29 12:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2009/10/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2011/02/28 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lorrie\Application Data\Foxit Software
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lorrie\Application Data\SampleView
    [2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\SampleView

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/03/23 08:23:20 | 000,051,465 | ---- | M] () -- C:\AR00007168ARR001.J01
    [2009/10/26 18:19:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/10 22:25:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/12 08:00:54 | 000,012,214 | ---- | M] () -- C:\ComboFix.txt
    [2011/02/27 20:52:23 | 000,020,734 | ---- | M] () -- C:\JavaRa.log
    [2010/03/25 11:59:18 | 000,030,720 | ---- | M] () -- C:\Mary Zylka Resume.doc
    [2008/04/14 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 03:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/12 17:40:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/04/06 08:40:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2007/02/12 15:58:11 | 000,473,403 | ---- | M] () -- C:\WINDOWS\HP2_1024x768.jpg
    [2008/03/25 17:38:54 | 000,152,632 | ---- | M] () -- C:\WINDOWS\HP3_1024x768.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/04/06 01:24:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/04/06 01:24:55 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/04/06 01:24:55 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/06 08:41:31 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2009/10/07 20:40:05 | 000,000,152 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\BCM_DropUserDatabases.txt

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/02/28 20:38:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/04/06 08:50:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/11 22:52:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
    [2011/12/12 07:03:54 | 004,336,613 | R--- | M] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
    [2011/12/11 00:19:06 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
    [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
    [2011/12/11 00:53:37 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
    [2011/02/26 19:38:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/28 20:38:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/12/10 21:27:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\FastPics.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/06 07:15:41 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Cookies\desktop.ini
    [2011/12/12 17:48:32 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 03:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 03:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 03:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 03:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 03:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 09:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 03:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 03:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 03:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 03:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 03:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  25. Halfday24

    Halfday24 TS Rookie Topic Starter Posts: 51

    OTL Extras logfile created on: 12/12/2011 5:51:02 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lorrie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.40% Memory free
    3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.54% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 133.04 Gb Total Space | 110.52 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
    Drive D: | 16.00 Gb Total Space | 10.69 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

    Computer Name: PH10-22-2009 | User Name: Lorrie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
    "C:\windows\system32\lxdncoms.exe" = C:\windows\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
    "C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:printer Status Window Interface -- ()
    "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:printer Device Monitor -- ()
    "C:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
    "{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
    "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Digital Editions" = Adobe Digital Editions
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HitmanPro35" = Hitman Pro 3.5
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "Lexmark 2600 Series" = Lexmark 2600 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MSC" = McAfee AntiVirus Plus
    "PDF Complete" = PDF Complete Special Edition
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "TomTom HOME" = TomTom HOME 2.7.3.1894
    "Winmail Opener" = Winmail Opener 1.4
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.6'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:34 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:34 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
    Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
    due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
    preventing SQL Server from reading the files. As a result, errorlog entries may
    be lost and it may not be possible to view some SQL Server errorlogs. Make sure
    no other processes have locked the file with write-only access."

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17207
    Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
    creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
    Diagnose and correct the operating system error, and retry the operation.

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17204
    Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
    denied.).

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17207
    Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
    creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
    Diagnose and correct the operating system error, and retry the operation.

    Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17204
    Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
    Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
    denied.).

    [ OSession Events ]
    Error - 3/31/2010 4:15:41 AM | Computer Name = PH10-22-2009 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18100
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
    error 3417 (0xD59).

    Error - 12/12/2011 9:38:16 AM | Computer Name = PH10-22-2009 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x800706ba: Microsoft SQL Server 2005 Express Edition Service Pack 4
    (KB2463332).

    Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
    error 3417 (0xD59).

    Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
    error 3417 (0xD59).


    < End of report >
     
