Solved XP Antivirus 2012 malware and Google Redirect

[Halfday24]

Hello:
I am running Windows XP Pro sp3.
I have acquired some malware that I would appreciate your assistance removing from my computer. I ran the Malwarebytes, Gmer, and DDS apps and will include the logs below. However, I believe the Malwarebytes log does not show the fake alert. The first time I ran it, I was able to remove it, however, it's back and now I am not able to run Malwarebytes.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/11/2011 1:41:03 PM
mbam-log-2011-12-11 (13-41-03).txt

Scan type: Quick scan
Objects scanned: 208925
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-11 14:28:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160318AS rev.HP34
Running: se77ficd.exe; Driver: C:\DOCUME~1\Lorrie\LOCALS~1\Temp\kfddyfog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EAA4C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EAA4D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EAA500]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAA556]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EAA4AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAA484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAA498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAA4EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAA52C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EAA516]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAA580]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAA56C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAA540]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2009 7:19:30 PM
System Uptime: 12/11/2011 1:21:42 PM (0 hours ago)

Motherboard: PEGATRON CORPORATION | | 2A73h
Processor: Intel Pentium III Xeon processor | CPU 1 | 2933/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 133 GiB total, 109.951 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 10.692 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP605: 9/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP606: 9/14/2011 3:00:17 AM - Software Distribution Service 3.0
RP607: 9/15/2011 3:49:22 AM - System Checkpoint
RP608: 9/16/2011 3:00:17 AM - Software Distribution Service 3.0
RP609: 9/17/2011 4:00:07 AM - System Checkpoint
RP610: 9/18/2011 3:00:14 AM - Software Distribution Service 3.0
RP611: 9/19/2011 3:00:14 AM - Software Distribution Service 3.0
RP612: 9/20/2011 3:00:14 AM - Software Distribution Service 3.0
RP613: 9/21/2011 3:00:14 AM - Software Distribution Service 3.0
RP614: 9/22/2011 3:00:14 AM - Software Distribution Service 3.0
RP615: 9/23/2011 3:00:14 AM - Software Distribution Service 3.0
RP616: 9/23/2011 1:46:39 PM - Software Distribution Service 3.0
RP617: 9/25/2011 11:32:01 PM - System Checkpoint
RP618: 9/26/2011 3:00:14 AM - Software Distribution Service 3.0
RP619: 9/27/2011 3:00:14 AM - Software Distribution Service 3.0
RP620: 9/28/2011 3:00:15 AM - Software Distribution Service 3.0
RP621: 9/29/2011 3:00:15 AM - Software Distribution Service 3.0
RP622: 9/30/2011 3:00:14 AM - Software Distribution Service 3.0
RP623: 10/1/2011 3:00:14 AM - Software Distribution Service 3.0
RP624: 10/2/2011 3:00:14 AM - Software Distribution Service 3.0
RP625: 10/3/2011 3:00:14 AM - Software Distribution Service 3.0
RP626: 10/4/2011 3:00:14 AM - Software Distribution Service 3.0
RP627: 10/5/2011 3:00:14 AM - Software Distribution Service 3.0
RP628: 10/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP629: 10/7/2011 3:00:14 AM - Software Distribution Service 3.0
RP630: 10/8/2011 3:00:14 AM - Software Distribution Service 3.0
RP631: 10/9/2011 3:00:14 AM - Software Distribution Service 3.0
RP632: 10/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP633: 10/11/2011 3:00:14 AM - Software Distribution Service 3.0
RP634: 10/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP635: 10/13/2011 3:47:52 AM - System Checkpoint
RP636: 10/13/2011 3:03:29 PM - Software Distribution Service 3.0
RP637: 10/14/2011 3:17:22 PM - System Checkpoint
RP638: 10/15/2011 3:51:10 PM - System Checkpoint
RP639: 10/16/2011 3:00:14 AM - Software Distribution Service 3.0
RP640: 10/17/2011 3:00:14 AM - Software Distribution Service 3.0
RP641: 10/18/2011 3:00:14 AM - Software Distribution Service 3.0
RP642: 10/19/2011 3:00:14 AM - Software Distribution Service 3.0
RP643: 10/20/2011 3:00:14 AM - Software Distribution Service 3.0
RP644: 10/21/2011 3:00:14 AM - Software Distribution Service 3.0
RP645: 10/22/2011 3:00:14 AM - Software Distribution Service 3.0
RP646: 10/23/2011 3:00:14 AM - Software Distribution Service 3.0
RP647: 10/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP648: 10/25/2011 3:00:14 AM - Software Distribution Service 3.0
RP649: 10/26/2011 3:00:15 AM - Software Distribution Service 3.0
RP650: 10/27/2011 3:00:14 AM - Software Distribution Service 3.0
RP651: 10/28/2011 3:00:14 AM - Software Distribution Service 3.0
RP652: 10/29/2011 3:00:14 AM - Software Distribution Service 3.0
RP653: 10/30/2011 3:00:14 AM - Software Distribution Service 3.0
RP654: 10/31/2011 3:00:14 AM - Software Distribution Service 3.0
RP655: 11/1/2011 3:00:15 AM - Software Distribution Service 3.0
RP656: 11/2/2011 3:00:14 AM - Software Distribution Service 3.0
RP657: 11/3/2011 3:00:14 AM - Software Distribution Service 3.0
RP658: 11/4/2011 3:00:14 AM - Software Distribution Service 3.0
RP659: 11/5/2011 3:00:14 AM - Software Distribution Service 3.0
RP660: 11/6/2011 2:00:14 AM - Software Distribution Service 3.0
RP661: 11/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP662: 11/7/2011 3:00:14 AM - Software Distribution Service 3.0
RP663: 11/8/2011 3:00:18 AM - Software Distribution Service 3.0
RP664: 11/9/2011 3:00:14 AM - Software Distribution Service 3.0
RP665: 11/10/2011 3:31:09 AM - System Checkpoint
RP666: 11/11/2011 3:00:13 AM - Software Distribution Service 3.0
RP667: 11/12/2011 3:00:17 AM - Software Distribution Service 3.0
RP668: 11/13/2011 3:00:15 AM - Software Distribution Service 3.0
RP669: 11/14/2011 3:00:14 AM - Software Distribution Service 3.0
RP670: 11/15/2011 3:00:14 AM - Software Distribution Service 3.0
RP671: 11/16/2011 3:00:14 AM - Software Distribution Service 3.0
RP672: 11/17/2011 3:00:13 AM - Software Distribution Service 3.0
RP673: 11/18/2011 3:00:14 AM - Software Distribution Service 3.0
RP674: 11/19/2011 3:00:14 AM - Software Distribution Service 3.0
RP675: 11/20/2011 3:00:14 AM - Software Distribution Service 3.0
RP676: 11/21/2011 3:00:13 AM - Software Distribution Service 3.0
RP677: 11/22/2011 3:00:13 AM - Software Distribution Service 3.0
RP678: 11/23/2011 3:00:14 AM - Software Distribution Service 3.0
RP679: 11/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP680: 11/25/2011 3:00:15 AM - Software Distribution Service 3.0
RP681: 11/26/2011 3:00:14 AM - Software Distribution Service 3.0
RP682: 11/27/2011 3:00:14 AM - Software Distribution Service 3.0
RP683: 11/28/2011 3:00:14 AM - Software Distribution Service 3.0
RP684: 11/29/2011 3:00:14 AM - Software Distribution Service 3.0
RP685: 11/30/2011 3:00:15 AM - Software Distribution Service 3.0
RP686: 12/1/2011 3:00:14 AM - Software Distribution Service 3.0
RP687: 12/2/2011 3:00:16 AM - Software Distribution Service 3.0
RP688: 12/3/2011 3:00:15 AM - Software Distribution Service 3.0
RP689: 12/4/2011 3:00:14 AM - Software Distribution Service 3.0
RP690: 12/5/2011 3:00:14 AM - Software Distribution Service 3.0
RP691: 12/6/2011 3:22:42 AM - System Checkpoint
RP692: 12/7/2011 3:00:15 AM - Software Distribution Service 3.0
RP693: 12/8/2011 3:00:14 AM - Software Distribution Service 3.0
RP694: 12/9/2011 3:00:15 AM - Software Distribution Service 3.0
RP695: 12/10/2011 3:00:15 AM - Software Distribution Service 3.0
RP696: 12/10/2011 8:43:44 PM - Restore Operation
RP697: 12/10/2011 8:47:29 PM - Software Distribution Service 3.0
RP698: 12/11/2011 3:00:23 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
Google Chrome
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958756)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP Help and Support
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Lexmark 2600 Series
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee AntiVirus Plus
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
PDF Complete Special Edition
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Presentation Foundation
Winmail Opener 1.4
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/7/2011 7:29:28 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2011 2:06:40 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/11/2011 12:21:27 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/10/2011 8:50:34 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
12/10/2011 11:42:51 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).
12/10/2011 11:42:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
12/10/2011 11:42:51 PM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 11:42:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================


DDS (Ver_10-12-12.02) - NTFSx86
Run by Lorrie at 13:26:29.71 on Sun 12/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1315 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\lxdncoms.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Lorrie\Desktop\Malware downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.aol.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //eml:c:\documents and settings\lorrie\local settings\temporary internet files\content.ie5\noyjvooy\A_small_request_by_Friday[1].eml
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111109160617.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lorrie\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-22 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-22 89792]
R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [2007-1-24 80128]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-3 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-22 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-22 214904]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-22 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-22 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-22 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-22 150856]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-10-7 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-22 57600]
R3 MfeAVFK;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-22 180816]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-22 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-22 83856]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2007-1-24 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [2007-1-24 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2007-1-24 70784]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-10-26 20160]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MfeBOPK;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-22 59456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-22 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-22 87656]

=============== Created Last 30 ================

2011-12-11 07:04:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-12-11 06:20:58 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 06:20:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-11 06:19:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-12-11 03:46:49 -------- d-----w- C:\LORRIE TEMP BAD
2011-12-11 02:44:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-11 02:44:35 -------- d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-13 01:32:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

============= FINISH: 13:27:04.12 ===============

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Halfday24]

Hello. I downloaded aswMBR, and when I click on it to run, I get an "Open With" window. When I right click on the icon, on the properties tab, at the bottom there is a security notation that says, "This file cam from another computer and might be blocked to help protect this computer." There is a button to unblock. Should I do that? If not, how do I get the app to run?

 

[Broni]

There is a button to unblock. Should I do that?

Yes.

 

[Halfday24]

I clicked on the unblock button, and applied it. The app still will not run. Double click results in the "Open With" window opening.

 

[Broni]

Run this instead....

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[Halfday24]

I downloaded it, and when I click on it to run, it too opens up the "Open With" window. It appears that something is blocking my ability to run an exe file.

 

[Broni]

Download and run exeHelper.

• Please download exeHelper from Raktor to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• A log file named log.txt will be created in the directory where you ran exeHelper.com
• Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

 

[Halfday24]

When I try to download the exeHelper, My McAfee Site Adivsor warns that it may be dangerous. However, I continued anyhow. It downloads 99% and then gives a message that says "Error copying file or Folder. Cannot copy exeHelper[1]: Access is denied. Make sure the disk is not full or write-protected and that the fiel is not currently in use."

 

[Broni]

Disable McAfee antivirus and download again.

 

[Halfday24]

I have a McAfee message indicating a risky connection blocked. It's blocking a ping command.
I now get a message that says McAfee has blocked the exehelper file because it contains a Trojan.

 

[Broni]

Read my previous reply.
McAfee is stupidly oversensitive.

 

[Halfday24]

exeHelper by Raktor
Build 20100414
Run at 23:50:01 on 12/11/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

 

[Halfday24]

What do you want me to try to run first?

 

[Broni]

Try aswMBR again.
If that doesn't work then go for Bootkit Remover.
Then Combofix.

 

[Halfday24]

I'm running aswMBR now. How long will that run for? It's been going for about 30 minutes already. And it seems to be stalled on Scanning: C:\Doucments and Settings\All users\Application data\Adobe\ARM\Reader_... I can't read the rest of the line. If the screen saver kicks in, will that kill the application? Every once in awhile I get a single "donk". The hard drive is clicking away. McAfee is activated. Does that need to be disabled while this runs? I have several lines highlighted in red.

 

[Halfday24]

My computer appears to be hung up now. The mouse isn't responding to movement.

 

[Halfday24]

I had to restart the computer. I turned off the screen saver, and let it run. Here is the log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 01:28:13
-----------------------------
01:28:13.562 OS Version: Windows 5.1.2600 Service Pack 3
01:28:13.562 Number of processors: 2 586 0x170A
01:28:13.562 ComputerName: PH10-22-2009 UserName: Lorrie
01:28:16.000 Initialize success
01:28:23.515 AVAST engine defs: 11121102
01:28:57.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:28:57.390 Disk 0 Vendor: ST3160318AS HP34 Size: 152627MB BusType: 3
01:28:59.406 Disk 0 MBR read successfully
01:28:59.406 Disk 0 MBR scan
01:28:59.453 Disk 0 unknown MBR code
01:28:59.453 Disk 0 scanning sectors +312576000
01:28:59.515 Disk 0 scanning C:\WINDOWS\system32\drivers
01:29:09.687 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:29:14.484 Service scanning
01:29:15.562 Modules scanning
01:29:18.828 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
01:29:20.296 Disk 0 trace - called modules:
01:29:20.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ce5f10]<<
01:29:20.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc7ab8]
01:29:20.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89406030]
01:29:20.312 \Driver\00000449[0x88d6c270] -> IRP_MJ_CREATE -> 0x88ce5f10
01:29:20.734 AVAST engine scan C:\WINDOWS
01:29:35.062 AVAST engine scan C:\WINDOWS\system32
01:32:34.546 AVAST engine scan C:\WINDOWS\system32\drivers
01:32:42.218 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:32:48.562 AVAST engine scan C:\Documents and Settings\Lorrie
01:39:09.375 AVAST engine scan C:\Documents and Settings\All Users
02:42:29.859 Scan finished successfully
06:59:05.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\MBR.dat"
06:59:05.937 The log file has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\aswMBR.txt"

 

[Halfday24]

Results of aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 01:28:13
-----------------------------
01:28:13.562 OS Version: Windows 5.1.2600 Service Pack 3
01:28:13.562 Number of processors: 2 586 0x170A
01:28:13.562 ComputerName: PH10-22-2009 UserName: Lorrie
01:28:16.000 Initialize success
01:28:23.515 AVAST engine defs: 11121102
01:28:57.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:28:57.390 Disk 0 Vendor: ST3160318AS HP34 Size: 152627MB BusType: 3
01:28:59.406 Disk 0 MBR read successfully
01:28:59.406 Disk 0 MBR scan
01:28:59.453 Disk 0 unknown MBR code
01:28:59.453 Disk 0 scanning sectors +312576000
01:28:59.515 Disk 0 scanning C:\WINDOWS\system32\drivers
01:29:09.687 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:29:14.484 Service scanning
01:29:15.562 Modules scanning
01:29:18.828 Module: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
01:29:20.296 Disk 0 trace - called modules:
01:29:20.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ce5f10]<<
01:29:20.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc7ab8]
01:29:20.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89406030]
01:29:20.312 \Driver\00000449[0x88d6c270] -> IRP_MJ_CREATE -> 0x88ce5f10
01:29:20.734 AVAST engine scan C:\WINDOWS
01:29:35.062 AVAST engine scan C:\WINDOWS\system32
01:32:34.546 AVAST engine scan C:\WINDOWS\system32\drivers
01:32:42.218 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:32:48.562 AVAST engine scan C:\Documents and Settings\Lorrie
01:39:09.375 AVAST engine scan C:\Documents and Settings\All Users
02:42:29.859 Scan finished successfully
06:59:05.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\MBR.dat"
06:59:05.937 The log file has been saved successfully to "C:\Documents and Settings\Lorrie\Desktop\aswMBR.txt"


Results of ComboFix:
ComboFix 11-12-12.01 - Lorrie 12/12/2011 7:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1647 [GMT -6:00]
Running from: c:\documents and settings\Lorrie\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB35734$
c:\windows\$NtUninstallKB35734$\1455434601
c:\windows\$NtUninstallKB35734$\3580255984\@
c:\windows\$NtUninstallKB35734$\3580255984\bckfg.tmp
c:\windows\$NtUninstallKB35734$\3580255984\cfg.ini
c:\windows\$NtUninstallKB35734$\3580255984\Desktop.ini
c:\windows\$NtUninstallKB35734$\3580255984\keywords
c:\windows\$NtUninstallKB35734$\3580255984\kwrd.dll
c:\windows\$NtUninstallKB35734$\3580255984\L\ktrspibc
c:\windows\$NtUninstallKB35734$\3580255984\lsflt7.ver
c:\windows\$NtUninstallKB35734$\3580255984\U\00000001.@
c:\windows\$NtUninstallKB35734$\3580255984\U\00000002.@
c:\windows\$NtUninstallKB35734$\3580255984\U\00000004.@
c:\windows\$NtUninstallKB35734$\3580255984\U\80000000.@
c:\windows\$NtUninstallKB35734$\3580255984\U\80000004.@
c:\windows\$NtUninstallKB35734$\3580255984\U\80000032.@
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 13:48 . 2011-12-12 13:48 118784 ----a-w- c:\windows\system32\chg.exe
2011-12-12 13:26 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-11 07:04 . 2011-12-11 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-11 06:20 . 2011-12-11 07:56 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 06:20 . 2011-12-11 06:20 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-11 06:19 . 2011-12-11 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-12-11 03:46 . 2011-12-11 06:38 -------- d-----w- C:\LORRIE TEMP BAD
2011-12-11 03:27 . 2011-12-11 03:27 -------- d-----w- c:\documents and settings\Master
2011-12-11 02:44 . 2011-12-11 02:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-11 02:18 . 2011-12-11 02:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 20:32 . 2010-12-22 11:52 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 19:16 . 2010-12-22 11:52 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2010-12-22 11:52 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 19:16 . 2010-12-22 11:52 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2010-12-22 11:52 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 19:16 . 2010-12-22 11:52 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2010-12-22 11:52 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2010-12-22 11:52 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16 . 2010-12-22 11:52 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2010-12-22 11:52 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2010-12-22 11:52 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-13 01:32 . 2011-07-08 00:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\windows\\system32\\lxdncoms.exe"=
"c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/22/2010 5:52 AM 89792]
R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 12:28 PM 80128]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/3/2010 9:58 PM 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/22/2010 5:51 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/22/2010 5:51 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/22/2010 5:52 AM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/22/2010 5:52 AM 150856]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/7/2009 8:40 PM 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/22/2010 5:52 AM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/22/2010 5:52 AM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/22/2010 5:52 AM 83856]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 12:28 PM 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 12:28 PM 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 12:28 PM 70784]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2/27/2008 5:07 PM 98984]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/26/2009 9:43 PM 20160]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/22/2010 5:52 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/22/2010 5:52 AM 87656]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009Core.job
- c:\documents and settings\Lorrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-22 21:27]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009UA.job
- c:\documents and settings\Lorrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-22 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.aol.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //eml:c:\documents and settings\Lorrie\Local Settings\Temporary Internet Files\Content.IE5\NOYJVOOY\A_small_request_by_Friday[1].eml
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 07:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-12-12 08:00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 14:00
.
Pre-Run: 117,031,534,592 bytes free
Post-Run: 118,651,691,008 bytes free
.
- - End Of File - - A2D138A51A88D6C6CD3FB785E048A2FC

 

[Broni]

Looks good

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Halfday24]

I'm glad to hear it's looking better. I don't have access to the computer right now, but will be able to run the OTL app in about 5 hours. I will post the logs for you to review when I finish.

 

[Broni]

No problem

 

[Halfday24]

OTL logfile created on: 12/12/2011 5:51:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lorrie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.40% Memory free
3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 133.04 Gb Total Space | 110.52 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 10.69 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

Computer Name: PH10-22-2009 | User Name: Lorrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/06/18 10:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
PRC - [2008/03/27 09:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) -- C:\windows\system32\lxdncoms.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/07/10 11:53:08 | 000,872,448 | ---- | M] () -- C:\windows\SMINST\Scheduler.exe


========== Modules (No Company Name) ==========

MOD - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
MOD - [2008/03/14 23:34:14 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndrs.dll
MOD - [2008/03/14 23:33:42 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnscw.dll
MOD - [2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- C:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2007/11/20 18:02:39 | 000,782,336 | ---- | M] () -- C:\windows\system32\lxdndrs.dll
MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- C:\windows\system32\lxdncaps.dll
MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007/10/12 20:24:46 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\iptk.dll
MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- C:\windows\system32\lxdncnv4.dll
MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007/05/29 09:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndatr.dll
MOD - [2006/07/10 11:53:08 | 000,872,448 | ---- | M] () -- C:\windows\SMINST\Scheduler.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\windows\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/18 10:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 17:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\windows\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2009/06/11 17:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 19:04:34 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2008/04/13 19:04:32 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2008/04/13 19:04:30 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2008/04/13 19:04:30 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2008/04/13 19:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2008/04/13 19:04:30 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2008/04/13 19:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2008/04/13 19:04:30 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2008/04/13 19:04:28 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2008/04/13 19:04:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2008/04/13 19:04:28 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2008/04/13 19:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2008/04/13 19:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2008/04/13 19:04:28 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2008/04/13 19:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2008/01/04 00:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\windows\system32\drivers\regi.sys -- (regi)
DRV - [2007/01/24 12:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | System | Running] -- C:\windows\system32\drivers\oxpar.sys -- (oxpar)
DRV - [2007/01/24 12:28:00 | 000,070,784 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxser.sys -- (oxser)
DRV - [2007/01/24 12:28:00 | 000,021,888 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2007/01/24 12:28:00 | 000,005,888 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2002/04/04 08:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.aol.com/
IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-765832434-3566525949-56134348-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/"

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 16:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/12 17:44:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\

[2011/02/28 21:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lorrie\Application Data\Mozilla\Firefox\Profiles\i6dq6qdt.default\extensions
[2011/02/28 21:52:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lorrie\Application Data\Mozilla\Firefox\Profiles\i6dq6qdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DANISH@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DE-DE-COMB@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\EN-AU@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-AR@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-ES@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FI@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR-FR@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\IT-IT@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DA@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DE@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-EN-GB@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-AR@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-ES@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FI@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FR@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-HU@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-IT@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-JA@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-KO@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-NL@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PL@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PT-PT@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-RU@FIREFOX.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\NL-NL@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PL@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PT-PT@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\RU@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\SL@DICTIONARIES.ADDONS.MOZILLA.ORG

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gears.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
CHR - Extension: Poppit = C:\Documents and Settings\Lorrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/12/12 07:58:19 | 000,000,027 | ---- | M]) - C:\windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111109160617.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\windows\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\windows\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\windows\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{796C7FDE-68DC-4BE8-A52E-A4488C5916E8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\windows\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lorrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\windows\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\windows\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 17:48:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
[2011/12/12 17:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/12 08:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/12 07:23:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/12 07:23:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/12 07:23:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/12 07:23:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/12 07:23:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/12 07:23:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lorrie\My Documents\My Videos
[2011/12/12 07:23:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lorrie\Start Menu\Programs\Administrative Tools
[2011/12/12 07:03:48 | 004,336,613 | R--- | C] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
[2011/12/11 23:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover
[2011/12/11 22:51:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
[2011/12/11 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\Malware downloads
[2011/12/11 01:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/11 00:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\Desktop\New Folder
[2011/12/11 00:53:24 | 013,474,504 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
[2011/12/11 00:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/12/11 00:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/12/11 00:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/12/11 00:19:06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
[2011/12/10 22:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/10 21:46:49 | 000,000,000 | ---D | C] -- C:\LORRIE TEMP BAD
[2011/12/10 20:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/10 20:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/30 22:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lorrie\My Documents\My Digital Editions
[2011/11/30 22:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2009/10/26 21:48:59 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2008/02/27 17:07:28 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2008/02/27 17:07:26 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2008/02/27 17:07:23 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2007/11/28 17:19:08 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2007/11/28 17:16:04 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2007/11/28 17:13:37 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2007/11/28 17:13:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2007/11/28 17:13:22 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2007/11/28 17:12:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2007/11/28 17:12:07 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2007/11/28 17:11:47 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2007/11/28 17:10:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2007/11/28 17:09:17 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll

 

[Halfday24]

- OTL.txt continued -


========== Files - Modified Within 30 Days ==========

[2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
[2011/12/12 17:43:51 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/12/12 17:40:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 17:40:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 07:58:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/12 07:34:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009UA.job
[2011/12/12 07:04:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/12 07:03:54 | 004,336,613 | R--- | M] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
[2011/12/12 06:59:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\MBR.dat
[2011/12/11 23:26:12 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover.zip
[2011/12/11 22:52:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
[2011/12/11 22:34:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-765832434-3566525949-56134348-1009Core.job
[2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
[2011/12/11 21:02:44 | 000,013,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
[2011/12/11 01:56:04 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/11 00:53:37 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
[2011/12/11 00:47:48 | 000,010,850 | ---- | M] () -- C:\Documents and Settings\Lorrie\My Documents\Hitman log.xml
[2011/12/11 00:20:58 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/12/11 00:19:06 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
[2011/12/10 22:25:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
[2011/12/10 20:42:53 | 000,012,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
[2011/12/07 20:23:42 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Lorrie\My Documents\Default.rdp
[2011/11/30 22:45:39 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2011/11/25 09:43:52 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Lorrie\Desktop\Google Chrome.lnk
[2011/11/25 09:43:52 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/12/12 07:23:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/12 07:23:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/12 07:23:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/12 07:23:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/12 07:23:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/12 06:59:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lorrie\Desktop\MBR.dat
[2011/12/11 23:26:11 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Lorrie\Desktop\bootkit_remover.zip
[2011/12/11 19:35:42 | 000,013,332 | -HS- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\51q1x325g7yxn5t42h4wy
[2011/12/11 19:35:42 | 000,013,332 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\51q1x325g7yxn5t42h4wy
[2011/12/11 00:47:48 | 000,010,850 | ---- | C] () -- C:\Documents and Settings\Lorrie\My Documents\Hitman log.xml
[2011/12/11 00:20:58 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/11 00:20:58 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/12/10 20:20:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/10 20:07:54 | 000,012,816 | -HS- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\5q77xb5p14p437
[2011/12/10 20:07:54 | 000,012,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
[2011/11/30 22:45:39 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2011/11/30 22:45:39 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2011/04/24 00:00:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lorrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 21:33:28 | 000,000,731 | ---- | C] () -- C:\WINDOWS\System32\McOEMAppRules.dat
[2010/06/08 20:26:50 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/26 21:49:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2009/10/26 21:48:59 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2009/10/26 21:47:25 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2009/10/07 20:50:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/07 20:31:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/07 20:13:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/04/06 09:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/06 08:51:50 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 08:51:50 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 08:48:38 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 08:40:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/06 08:35:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/07 14:13:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2007/11/28 11:51:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2007/11/20 18:02:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2007/11/20 17:44:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2007/10/02 16:51:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2002/05/28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 12:12:22 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2010/04/07 14:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/28 06:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2010/06/08 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/03/29 12:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
[2011/12/11 01:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/12/08 00:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2010/03/29 12:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011/02/28 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lorrie\Application Data\Foxit Software
[2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lorrie\Application Data\SampleView
[2009/10/07 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\SampleView

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/03/23 08:23:20 | 000,051,465 | ---- | M] () -- C:\AR00007168ARR001.J01
[2009/10/26 18:19:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/10 22:25:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/12/12 08:00:54 | 000,012,214 | ---- | M] () -- C:\ComboFix.txt
[2011/02/27 20:52:23 | 000,020,734 | ---- | M] () -- C:\JavaRa.log
[2010/03/25 11:59:18 | 000,030,720 | ---- | M] () -- C:\Mary Zylka Resume.doc
[2008/04/14 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 03:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/12 17:40:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/04/06 08:40:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2007/02/12 15:58:11 | 000,473,403 | ---- | M] () -- C:\WINDOWS\HP2_1024x768.jpg
[2008/03/25 17:38:54 | 000,152,632 | ---- | M] () -- C:\WINDOWS\HP3_1024x768.jpg

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/04/06 01:24:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/04/06 01:24:55 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/04/06 01:24:55 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/04/06 08:41:31 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2009/10/07 20:40:05 | 000,000,152 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\BCM_DropUserDatabases.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/02/28 20:38:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/04/06 08:50:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lorrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/11 22:52:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lorrie\Desktop\aswMBR.exe
[2011/12/12 07:03:54 | 004,336,613 | R--- | M] (Swearware) -- C:\Documents and Settings\Lorrie\Desktop\ComboFix.exe
[2011/12/11 00:19:06 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Lorrie\Desktop\HitmanPro35.exe
[2011/12/12 17:48:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\OTL.exe
[2011/12/11 00:53:37 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Lorrie\Desktop\SUPERAntiSpyware.exe
[2011/02/26 19:38:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lorrie\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/02/28 20:38:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/10 21:27:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\FastPics.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/11/06 07:15:41 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Cookies\desktop.ini
[2011/12/12 17:48:32 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Lorrie\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 03:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 03:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 03:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 03:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 03:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 09:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 03:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 03:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 03:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 03:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 03:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

 

[Halfday24]

OTL Extras logfile created on: 12/12/2011 5:51:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lorrie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.40% Memory free
3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 133.04 Gb Total Space | 110.52 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 10.69 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

Computer Name: PH10-22-2009 | User Name: Lorrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\windows\system32\lxdncoms.exe" = C:\windows\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabledrinter Status Window Interface -- ()
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabledrinter Device Monitor -- ()
"C:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"Lexmark 2600 Series" = Lexmark 2600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee AntiVirus Plus
"PDF Complete" = PDF Complete Special Edition
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Winmail Opener" = Winmail Opener 1.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-765832434-3566525949-56134348-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.6'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 12/12/2011 7:40:33 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 12/12/2011 7:40:34 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 12/12/2011 7:40:34 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
denied.).

Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 12/12/2011 7:40:50 PM | Computer Name = PH10-22-2009 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

[ OSession Events ]
Error - 3/31/2010 4:15:41 AM | Computer Name = PH10-22-2009 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18100
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/12/2011 9:33:01 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 12/12/2011 9:38:16 AM | Computer Name = PH10-22-2009 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/12/2011 9:48:59 AM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/12/2011 7:40:55 PM | Computer Name = PH10-22-2009 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).


< End of report >