
Solved System Error lsass.exe Endpoint is invalid

Discussion in 'Malware and Virus Removal Archive' started by Nana of 4, 2009/04/03.

Thread Status:
Not open for further replies.
  1. 2009/04/03
    Nana of 4

    [Resolved] System Error lsass.exe Endpoint is invalid

    I have a Compaq Armada M700. I get the error message in the title when I turn the computer on, following the Windows logo. If I click OK, it restarts. I installed my old HD, keyboard, battery, etc. into a new M700 shell. The first time I started it up, that's the message I got. There were no problems before I changed it out. I can't go anywhere on it, other than SAFE MODE. I'm on my other computer right now. I'd appreciate any help from a patient person, as I am a beginner with this.

    I did run the McAfee Avert Stinger program that looks for the sasser worm, nothing found.

    Used my disk repair Windows, no change. Not sure it got to 100% on the repair.

    Went to Support Microsoft to the ERRORS and followed the directions to add System Pages entry, no change.

    Any help would be greatly appreciated! Thanks, Nana
     
  2. 2009/04/04
    Admin.

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/04/04
    Nana of 4

    I hope this is what is needed. I'm not up on all this so please bear with me. The instructions were hard for me until someone told me to copy things to a flash drive and use my other computer to post them. Thanks!

    DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
    Run by admin at 21:38:32.67 on Sat 04/04/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.63.10 [GMT -6:00]

    AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
    FW: Authentium Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    G:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://dial.sbc.yahoo.com/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LxrAutorun] c:\documents and settings\admin\local settings\application data\lexar media\LxrAutorun.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe "
    mRun: [HostManager] c:\program files\common files\aol\1197059193\ee\AOLSoftware.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm678YYUS
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
    DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.xdrive.com/downloads/std_install/setup.exe
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187813765290
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187813597408
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    Notify: NavLogon - c:\windows\system32\NavLogon.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\rafqfq70.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
    FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R0 GRFILTER;CS NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2005-7-11 15548]
    S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
    S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
    S2 GRTdiMon;GR TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2005-7-11 20480]
    S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-10-7 72672]
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
    S3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\maestro.sys [2002-2-7 162880]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090123.003\naveng.sys [2009-1-23 89104]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090123.003\navex15.sys [2009-1-23 876112]

    =============== Created Last 30 ================

    2009-03-28 23:00 14 a------- c:\windows\ASSE.dat
    2009-03-28 22:59 <DIR> --d----- c:\program files\AdWare SpyWare SE
    2009-03-27 15:26 <DIR> --d----- c:\program files\FunWebProducts
    2009-03-27 15:26 <DIR> --d----- c:\program files\MyWebSearch
    2009-03-27 15:26 <DIR> --d----- c:\program files\AOL Deskbar
    2009-03-27 15:26 <DIR> --d----- c:\program files\America Online 9.0
    2009-03-27 15:26 <DIR> --d----- c:\program files\AOL Toolbar
    2009-03-27 15:25 <DIR> --d----- c:\program files\Lexmark 510 Series
    2009-03-27 15:25 <DIR> --d----- c:\program files\common files\aolshare
    2009-03-27 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2009-03-27 15:23 <DIR> --d----- c:\program files\common files\Kodak
    2009-03-07 13:55 <DIR> --d----- c:\program files\Mozilla Firefox(2)

    ==================== Find3M ====================

    2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
    2004-03-12 16:41 1,247 a----r-- c:\program files\1313F7CEFA40277849DD4A77004BE900
    2004-03-12 16:41 2,990 a----r-- c:\program files\1F610C23CF3560C43AB3F0B7F19AE662
    2004-03-12 16:41 2,843 a----r-- c:\program files\A7B23C02F1C7FFE988BE88822656342B
    2004-03-12 16:41 2,671 a----r-- c:\program files\859F009A602138AC88BE88822656342B
    2004-03-12 16:41 2,236 a----r-- c:\program files\8B36BBFDE14CD59BFF26C64D82A3994D
    2004-03-12 16:41 1,698 a----r-- c:\program files\4990DA9C118BDB1BFF26C64D82A3994D
    2004-03-12 16:41 1,657 a----r-- c:\program files\262D89DEADB8DEB8FF26C64D82A3994D
    2004-03-12 16:41 1,594 a----r-- c:\program files\7E825E85EB27E4DD257ED8D4E24700E5
    2004-03-12 16:41 1,471 a----r-- c:\program files\15027479508C9F0888BE88822656342B
    2004-03-12 16:41 953 a----r-- c:\program files\5A683CF2483D9F2AFF26C64D82A3994D
    2004-03-12 16:41 1,580 a----r-- c:\program files\312664C7F6492024
    2008-09-15 19:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 21:40:23.78 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/6/2007 6:52:23 AM
    System Uptime: 4/3/2009 10:10:13 PM (23 hours ago)

    Motherboard: Compaq | | 0538
    Processor: Intel Pentium III processor | J1 | 597/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 16.043 GiB free.
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP493: 1/15/2009 3:00:38 AM - Software Distribution Service 3.0
    RP494: 1/16/2009 3:00:57 AM - Software Distribution Service 3.0
    RP495: 1/17/2009 3:00:58 AM - Software Distribution Service 3.0
    RP496: 1/18/2009 3:00:54 AM - Software Distribution Service 3.0
    RP497: 1/19/2009 3:00:53 AM - Software Distribution Service 3.0
    RP498: 1/20/2009 3:00:55 AM - Software Distribution Service 3.0
    RP499: 1/21/2009 3:00:56 AM - Software Distribution Service 3.0
    RP500: 1/22/2009 3:00:51 AM - Software Distribution Service 3.0
    RP501: 1/23/2009 3:00:51 AM - Software Distribution Service 3.0
    RP502: 1/24/2009 3:00:59 AM - Software Distribution Service 3.0
    RP503: 1/25/2009 3:00:49 AM - Software Distribution Service 3.0
    RP504: 1/25/2009 3:20:05 PM - Software Distribution Service 3.0
    RP505: 1/26/2009 3:01:09 AM - Software Distribution Service 3.0
    RP506: 1/26/2009 3:26:14 PM - Software Distribution Service 3.0
    RP507: 1/27/2009 3:00:46 AM - Software Distribution Service 3.0
    RP508: 1/28/2009 3:00:42 AM - Software Distribution Service 3.0
    RP509: 1/29/2009 3:00:44 AM - Software Distribution Service 3.0
    RP510: 1/30/2009 3:00:44 AM - Software Distribution Service 3.0
    RP511: 1/31/2009 3:00:51 AM - Software Distribution Service 3.0
    RP512: 2/2/2009 3:00:45 AM - Software Distribution Service 3.0
    RP513: 2/3/2009 3:00:47 AM - Software Distribution Service 3.0
    RP514: 2/4/2009 3:00:47 AM - Software Distribution Service 3.0
    RP515: 2/5/2009 4:38:05 AM - System Checkpoint
    RP516: 2/6/2009 3:00:48 AM - Software Distribution Service 3.0
    RP517: 2/7/2009 3:00:49 AM - Software Distribution Service 3.0
    RP518: 2/8/2009 3:00:53 AM - Software Distribution Service 3.0
    RP519: 2/9/2009 3:00:55 AM - Software Distribution Service 3.0
    RP520: 2/10/2009 3:00:43 AM - Software Distribution Service 3.0
    RP521: 2/11/2009 3:00:52 AM - Software Distribution Service 3.0
    RP522: 2/12/2009 3:00:45 AM - Software Distribution Service 3.0
    RP523: 2/13/2009 6:43:20 AM - System Checkpoint
    RP524: 2/13/2009 4:45:07 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
    RP525: 2/13/2009 4:47:29 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
    RP526: 2/13/2009 5:53:16 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
    RP527: 2/15/2009 3:00:52 AM - Software Distribution Service 3.0
    RP528: 2/16/2009 3:00:51 AM - Software Distribution Service 3.0
    RP529: 2/17/2009 3:00:40 AM - Software Distribution Service 3.0
    RP530: 2/18/2009 3:00:40 AM - Software Distribution Service 3.0
    RP531: 2/19/2009 3:00:43 AM - Software Distribution Service 3.0
    RP532: 2/19/2009 3:53:15 PM - Restore Operation
    RP533: 2/19/2009 5:49:18 PM - Restore Operation
    RP534: 2/20/2009 8:50:24 PM - Software Distribution Service 3.0
    RP535: 3/7/2009 1:54:30 PM - Restore Operation
    RP536: 3/27/2009 3:15:40 PM - Restore Operation

    ==== Installed Programs ======================

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AdWare SpyWare SE
    Aluria Firewall
    AOL Deskbar
    AOL Toolbar
    AOL Uninstaller
    AOL You've Got Pictures Screensaver
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon Digital Camera USB WIA Driver
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCScore
    DP Editor Ver.1.0
    DVD Solution
    e-Watch Camera Viewer
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Exif Launcher Ver.1.0
    Exif Viewer Ver.1.1
    fflink
    Google Updater
    Hijackthis 1.99.1
    Hotfix for Windows XP (KB952287)
    HP Product Detection
    IEEE 802.11g Wireless Cardbus/PCI Adapter
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 11
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    Lexmark 510 Series
    LightScribe 1.4.31.1
    LiveUpdate 2.6 (Symantec Corporation)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access 2003 Runtime
    Microsoft Office Professional Edition 2003
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.5)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multimedia Launcher
    My Web Search (Popular Screensavers)
    netbrdg
    OfotoXMI
    PeoplePC Common Authentication
    PictureItPostage Designer 1.50
    PowerDVD
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    staticcr
    Symantec AntiVirus
    tooltips
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Media Player
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows XP Service Pack 3
    WIRELESS
    Yahoo! Toolbar

    ==== End Of File ===========================

    Thanks, Nana
     
  5. 2009/04/08
    Juliet

    Hi Nana, sorry for the delay.

    The tools I ask you to use will need to be transferred over by Flash/USB drive the same way you used DDS.

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    **
    Download SDFix or from Here and save it to your Desktop

    Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows
      icon appears, start tapping the F8 key; for some computers it is the F5 key.
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load
      your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the
      forum).
    • Finally paste the contents of the SDFix Report.txt back on the forum with a new HijackThis log







    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    In your next reply post:
    SDFix report.txt
    Malwarebytes' Anti-Malware log
    New HJT log



    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  6. 2009/04/08
    Nana of 4

    Juliet,

    Thanks for the help, no problem with any delay!! Following are the logs you asked for:

    SDFix: Version 1.240
    Run by admin on Wed 04/08/2009 at 09:52 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-08 10:23:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\WINDOWS\\system32\\LEXPPS.EXE "= "C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "D:\\AOLSETUP.EXE "= "D:\\AOLSETUP.EXE:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed "
    "C:\\Program Files\\Common Files\\AOL\\1197059193\\EE\\AOLServiceHost.exe "= "C:\\Program Files\\Common Files\\AOL\\1197059193\\EE\\AOLServiceHost.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe "= "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe "= "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "= "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL "
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare "
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe "= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    Remaining Files :



    Files with Hidden Attributes :

    Fri 7 Dec 2007 7,606 A..H. --- "C:\TEMP\t4.bak "
    Fri 7 Dec 2007 2,387 A..H. --- "C:\TEMP\t4.bak1 "
    Fri 7 Dec 2007 10,192 A..H. --- "C:\TEMP\t4.bak2 "
    Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe "
    Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe "
    Fri 19 Nov 2004 54,872 A..H. --- "C:\System Volume Information\_restore{FA35731E-C864-40F5-AC10-50FE0327CB48}\RP536\A0053923.exe "
    Fri 19 Nov 2004 31,832 A..H. --- "C:\System Volume Information\_restore{FA35731E-C864-40F5-AC10-50FE0327CB48}\RP536\A0053992.exe "
    Thu 22 Feb 2007 362,264 ...H. --- "C:\Documents and Settings\Admin_2.S-F9F90D40424B4\Local Settings\Temp\AutoDetect.exe "

    Finished!
     
  7. 2009/04/08
    Nana of 4

    Malwarebytes' Anti-Malware 1.36
    Database version: 1945
    Windows 5.1.2600 Service Pack 3

    4/8/2009 11:15:44 AM
    mbam-log-2009-04-08 (11-15-43).txt

    Scan type: Quick Scan
    Objects scanned: 87795
    Time elapsed: 8 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 20
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 14
    Files Infected: 194

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mywebsearch bar uninstall (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\admin\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Log\log_2007_08_31_08_42_08.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Log\log_2007_08_31_08_42_23.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Log\log_2007_10_06_16_40_11.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10000.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10001.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10002.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10002.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\11-08-2007-18-51-13\10003.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10000.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10001.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10002.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10002.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10003.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10004.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10004.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10005.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10005.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10006.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10006.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10007.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10007.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10008.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10008.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10009.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10009.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10010.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10010.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10011.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10011.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10012.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10012.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10013.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10013.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10014.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10014.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10015.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10015.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10016.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10016.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10017.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10017.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10018.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10018.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10019.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10019.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10020.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10020.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10021.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10021.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10022.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10022.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10023.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10023.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10024.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Quarantine\28-08-2007-16-56-16\10024.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Settings\CustomScan.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Settings\ScanInfo.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Settings\SelectedFolders.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\AdwareAlert\Settings\Settings.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 23 - 07_02_48 AM_514.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 23 - 07_02_50 AM_827.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 27 - 05_24_55 PM_681.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 27 - 05_25_03 PM_252.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 27 - 07_19_25 PM_844.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 27 - 07_19_39 PM_734.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 27 - 09_44_24 PM_752.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 27 - 09_44_35 PM_728.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 28 - 04_55_44 PM_960.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 28 - 04_56_00 PM_413.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 29 - 06_59_01 PM_611.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 29 - 06_59_04 PM_395.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 30 - 04_28_18 PM_159.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 30 - 04_28_28 PM_514.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 31 - 03_11_03 PM_922.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 31 - 03_11_11 PM_523.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 31 - 08_42_31 AM_610.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Aug 31 - 08_42_54 AM_653.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Sep 01 - 08_13_24 PM_742.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Sep 01 - 08_13_31 PM_482.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Sep 01 - 11_31_49 AM_174.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\2007 Sep 01 - 11_31_56 AM_715.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\log_2007_05_24_20_02_40.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\log_2007_05_25_07_57_44.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\log_2007_05_25_08_15_41.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\log_2007_05_25_08_15_47.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Log\log_2007_05_26_16_52_31.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-05-24_20-09-44.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-05-25_08-06-42.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-05-26_06-37-11.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-08-23_07-06-17.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-08-23_08-23-05.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-08-27_17-41-26.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-08-27_21-48-02.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-08-27_21-48-53.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\RegistrySmart\Registry Backups\2007-08-29_19-01-08.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 03 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 04 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 09 - 05_50_57 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 09 - 12_19_45 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 10 - 06_44_07 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 10 - 07_18_07 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 10 - 07_18_09 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 11 - 06_50_46 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 12 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 13 - 03_47_42 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 14 - 01_42_49 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 14 - 02_38_28 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 14 - 08_12_58 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 15 - 08_43_53 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 16 - 07_45_29 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 17 - 06_53_33 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 22 - 05_01_03 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 22 - 05_11_12 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 22 - 06_43_52 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 22 - 08_27_40 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 22 - 09_22_13 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 27 - 05_24_33 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 27 - 07_19_08 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 27 - 09_44_15 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 28 - 04_55_20 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 29 - 07_35_26 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 29 - 07_35_30 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 30 - 04_28_06 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Aug 31 - 08_42_10 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 01 - 03_30_03 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 02 - 07_40_35 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 03 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 04 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 11 - 07_25_04 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 15 - 07_30_24 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 16 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 18 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 22 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 24 - 07_03_11 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 25 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 29 - 02_44_00 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 29 - 02_46_03 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 30 - 02_04_37 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 30 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jul 30 - 12_54_39 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 10 - 08_36_49 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 11 - 03_30_02 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 11 - 08_33_04 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 12 - 01_23_14 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 12 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 13 - 08_51_55 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 14 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 14 - 09_29_26 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 14 - 09_56_47 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 15 - 03_25_55 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 15 - 03_30_02 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 16 - 05_54_28 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 16 - 06_48_56 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 17 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 20 - 05_02_45 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 21 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 23 - 06_39_42 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 24 - 03_30_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 28 - 05_49_20 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 29 - 03_30_03 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 Jun 30 - 03_30_03 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 May 26 - 05_40_56 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Log\2007 May 26 - 05_40_58 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-05-26_17-56-44.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-05-26_18-11-45.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-05-26_18-12-11.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-06-12_06-14-31.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-06-17_05-52-01.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-06-17_05-52-27.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-06-26_04-53-57.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-07-04_21-50-19.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-07-19_06-14-06.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-07-25_18-00-38.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-04_05-06-24.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-12_07-45-38.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-29_19-44-19.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-29_19-44-53.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-29_19-45-13.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-29_19-47-09.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\admin\Application Data\ErrorKiller\Registry Backups\2007-08-29_19-47-22.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
     
  8. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 11:21:27 AM, on 4/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.sbc.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1197059193\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\admin\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1187813765290
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187813597408
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     
  9. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Juliet,
    I sent the SDFix, malwarebyte, and new HJT logs! Took me awhile, but task complete!!

    Thanks,
    Nana
     
  10. 2009/04/08
    Juliet

    Juliet Well-Known Member

    Welcome back

    Symantec/Norton antivirus and AVG8 antivirus are both on the computer?
    If it is, this is a bad idea. It will hinder fixes we try to make or tools we need to use.

    Please make a decision which to keep and which to uninstall.


    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.




    Next**
    Check for these below items in your add/remove programs list via the control panel.
    Uninstall/delete the ones you find.

    ErrorKiller
    AdwareAlert
    RegistrySmart
    Adssite Advanced Toolbar
    Adssite Browser Optimizer
    Adssite Games Collection
    Internet Speed Monitor




    NEXT**
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :processes)
    Code:
    :Processes
    explorer.exe
    :Files
    C:\TEMP\t4.bak
    C:\TEMP\t4.bak1
    C:\TEMP\t4.bak2
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.




    NEXT**
    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.
    No need for that though ..... just post it as you would any other log.



    In your next reply post:
    OTMoveIt log
    DDS.txt



    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's the computer?
     
  11. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Juliet,

    Sorry for my delay. I saved OTMoveIt3 and the Processes to my flash drive. When I tried to complete the task on the Compaq, I couldn't get a program to read the Processes. I tried MS Office, Notepad, Wordpad, and Adobe Reader with no luck. I deleted it and saved it again and now it shows up on the flash drive as a document with the Adobe Reader logo on it. I'll keep working, so please be patient with me!! Thanks, Nana
     
  12. 2009/04/08
    Juliet

    Juliet Well-Known Member

    Try to get OTMoveit on the machine

    Then you'll probably have to manually type in what I had laid out for it to do and delete.
    Be careful to do it exactly as in my previous reply.
     
  13. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Juliet,
    Just wanted to post this log before I go on. Are all the errors expected, and can I go on? Sorry for not knowing!

    Error: Unable to interpret <: Processes> in the current context!
    Error: Unable to interpret <explorer.exe> in the current context!
    Error: Unable to interpret <: Files> in the current context!
    Error: Unable to interpret <C: \ TEMP\ t4.bak> in the current context!
    Error: Unable to interpret <C: \ TEMP\ t4.bak1> in the current context!
    Error: Unable to interpret <C: \TEMP\ t4.bak2> in the current context!
    Error: Unable to interpret <: Commands> in the current context!
    Error: Unable to interpret <[ Purity ]> in the current context!
    Error: Unable to interpret <[ Start Explorer ]> in the current context!
    Error: Unable to interpret <[ Reboot ]> in the current context!

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_175044
     
  14. 2009/04/08
    Juliet

    Juliet Well-Known Member

    It means it was typed in wrong.


    When you open the OTMoveIt window
    right click in the Paste List of Files/Folders to Move

    type this in exactly, including all : in front of words and brackets [ ] where you see them enclosing words.

    :processes
    explorer.exe
    :Files
    C:\TEMP\t4.bak
    C:\TEMP\t4.bak1
    C:\TEMP\t4.bak2
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]


    Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.
     
  15. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Hope this is better??

    Error: Unable to interpret <: Processes> in the current context!
    Error: Unable to interpret <explorer.exe> in the current context!
    Error: Unable to interpret <: Files> in the current context!
    Error: Unable to interpret <C:\TEMP\t4.bak> in the current context!
    Error: Unable to interpret <C:\TEMP\t4.bak1> in the current context!
    Error: Unable to interpret <C:\TEMP\t4.bak2> in the current context!
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_180724

    Files moved on Reboot...
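
The two result logs above fit a reader that accepts an item only when it sits under a correctly typed section header, which is why correctly typed paths still failed in the second run. As an added illustration (not part of the thread and not OTMoveIt3's own code), this Python sketch checks a hand-typed script before it is pasted into the tool; the parsing model, the function names and the two typed inputs (reconstructed from the error lines in the logs) are assumptions.

```python
import re

# Section headers and bracket commands that appear in the script posted in this thread.
KNOWN_SECTIONS = {"processes", "files", "commands"}
KNOWN_COMMANDS = {"purity", "emptytemp", "start explorer", "reboot"}


def normalize_line(line):
    """Return the line with the stray spaces of hand-typing removed."""
    s = line.strip()
    if s.startswith(":"):
        # ': Processes' -> ':Processes'
        return ":" + s[1:].strip()
    if s.startswith("["):
        # '[ Start Explorer ]' -> '[Start Explorer]'
        inner = s.strip("[]").strip()
        return "[" + re.sub(r"\s+", " ", inner) + "]"
    if re.match(r"^[A-Za-z]\s*:", s):
        # 'C: \ TEMP\ t4.bak' -> 'C:\TEMP\t4.bak'
        s = re.sub(r"^([A-Za-z])\s*:\s*", r"\1:", s)
        return re.sub(r"\s*\\\s*", r"\\", s)
    return s


def lint_script(text):
    """Return a list of (line_number, typed, problem, suggestion) tuples."""
    findings = []
    section = None  # current valid section; None after a rejected header
    for number, raw in enumerate(text.splitlines(), start=1):
        typed = raw.strip()
        if not typed:
            continue
        fixed = normalize_line(typed)
        if typed.startswith(":"):
            name = fixed[1:].lower()
            if typed == fixed and name in KNOWN_SECTIONS:
                section = name
            else:
                # Assumed model: a rejected header leaves the following
                # lines without any context, so they fail as well.
                section = None
                problem = ("space inside section header"
                           if name in KNOWN_SECTIONS else "unknown section header")
                findings.append((number, typed, problem, fixed))
            continue
        if section is None:
            findings.append(
                (number, typed, "no valid section header above this line", fixed))
        elif typed != fixed:
            findings.append((number, typed, "stray spaces", fixed))
        elif section == "commands" and fixed[1:-1].lower() not in KNOWN_COMMANDS:
            findings.append((number, typed, "command not in the posted script", fixed))
    return findings


def repair_script(text):
    """Normalize every non-empty line; the result should lint clean."""
    return "\n".join(normalize_line(l) for l in text.splitlines() if l.strip())


# Constructed inputs: what was apparently typed, rebuilt from the error lines
# in the two OTMoveIt3 logs in this thread.
TYPED_FIRST_ATTEMPT = "\n".join([
    r": Processes", r"explorer.exe", r": Files",
    r"C: \ TEMP\ t4.bak", r"C: \ TEMP\ t4.bak1", r"C: \TEMP\ t4.bak2",
    r": Commands", r"[ Purity ]", r"[ Start Explorer ]", r"[ Reboot ]",
])
TYPED_SECOND_ATTEMPT = "\n".join([
    r": Processes", r"explorer.exe", r": Files",
    r"C:\TEMP\t4.bak", r"C:\TEMP\t4.bak1", r"C:\TEMP\t4.bak2",
    r":Commands", r"[Purity]", r"[EmptyTemp]", r"[Start Explorer]", r"[Reboot]",
])

if __name__ == "__main__":
    for label, text in (("first", TYPED_FIRST_ATTEMPT), ("second", TYPED_SECOND_ATTEMPT)):
        print(f"--- {label} attempt ---")
        for number, typed, problem, fixed in lint_script(text):
            print(f"line {number}: {typed!r}: {problem}; suggest {fixed!r}")
```

Under this model the second attempt yields six findings, the same six lines the second log rejects, while the :Commands section passes.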
     
  16. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
    Run by admin at 18:23:41.10 on Wed 04/08/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.63.9 [GMT -6:00]

    AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
    FW: Authentium Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://dial.sbc.yahoo.com/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LxrAutorun] c:\documents and settings\admin\local settings\application data\lexar media\LxrAutorun.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe "
    mRun: [HostManager] c:\program files\common files\aol\1197059193\ee\AOLSoftware.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.xdrive.com/downloads/std_install/setup.exe
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187813765290
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187813597408
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    Notify: NavLogon - c:\windows\system32\NavLogon.dll

    ============= SERVICES / DRIVERS ===============

    R0 GRFILTER;CS NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2005-7-11 15548]
    S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
    S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
    S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
    S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
    S2 GRTdiMon;GR TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2005-7-11 20480]
    S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-10-7 72672]
    S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
    S3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\maestro.sys [2002-2-7 162880]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090123.003\naveng.sys [2009-1-23 89104]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090123.003\navex15.sys [2009-1-23 876112]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]

    =============== Created Last 30 ================

    2009-04-08 17:36 <DIR> --d----- C:\_OTMoveIt
    2009-04-08 10:54 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
    2009-04-08 10:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-08 10:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-08 10:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-08 10:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-08 09:50 578,560 ac------ c:\windows\system32\dllcache\user32.dll
    2009-04-08 09:47 <DIR> --d----- c:\windows\ERUNT
    2009-04-08 09:23 <DIR> --d----- C:\SDFix
    2009-03-28 23:00 14 a------- c:\windows\ASSE.dat
    2009-03-28 22:59 <DIR> --d----- c:\program files\AdWare SpyWare SE
    2009-03-27 15:26 <DIR> --d----- c:\program files\AOL Deskbar
    2009-03-27 15:26 <DIR> --d----- c:\program files\America Online 9.0
    2009-03-27 15:26 <DIR> --d----- c:\program files\AOL Toolbar
    2009-03-27 15:25 <DIR> --d----- c:\program files\Lexmark 510 Series
    2009-03-27 15:25 <DIR> --d----- c:\program files\common files\aolshare
    2009-03-27 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2009-03-27 15:23 <DIR> --d----- c:\program files\common files\Kodak

    ==================== Find3M ====================

    2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
    2004-03-12 16:41 1,247 a----r-- c:\program files\1313F7CEFA40277849DD4A77004BE900
    2004-03-12 16:41 2,990 a----r-- c:\program files\1F610C23CF3560C43AB3F0B7F19AE662
    2004-03-12 16:41 2,843 a----r-- c:\program files\A7B23C02F1C7FFE988BE88822656342B
    2004-03-12 16:41 2,671 a----r-- c:\program files\859F009A602138AC88BE88822656342B
    2004-03-12 16:41 2,236 a----r-- c:\program files\8B36BBFDE14CD59BFF26C64D82A3994D
    2004-03-12 16:41 1,698 a----r-- c:\program files\4990DA9C118BDB1BFF26C64D82A3994D
    2004-03-12 16:41 1,657 a----r-- c:\program files\262D89DEADB8DEB8FF26C64D82A3994D
    2004-03-12 16:41 1,594 a----r-- c:\program files\7E825E85EB27E4DD257ED8D4E24700E5
    2004-03-12 16:41 1,471 a----r-- c:\program files\15027479508C9F0888BE88822656342B
    2004-03-12 16:41 953 a----r-- c:\program files\5A683CF2483D9F2AFF26C64D82A3994D
    2004-03-12 16:41 1,580 a----r-- c:\program files\312664C7F6492024
    2008-09-15 19:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 18:25:04.74 ===============
     
  17. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/6/2007 6:52:23 AM
    System Uptime: 4/8/2009 6:11:47 PM (0 hours ago)

    Motherboard: Compaq | | 0538
    Processor: Intel Pentium III processor | J1 | 597/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 16.227 GiB free.
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP493: 1/15/2009 3:00:38 AM - Software Distribution Service 3.0
    RP494: 1/16/2009 3:00:57 AM - Software Distribution Service 3.0
    RP495: 1/17/2009 3:00:58 AM - Software Distribution Service 3.0
    RP496: 1/18/2009 3:00:54 AM - Software Distribution Service 3.0
    RP497: 1/19/2009 3:00:53 AM - Software Distribution Service 3.0
    RP498: 1/20/2009 3:00:55 AM - Software Distribution Service 3.0
    RP499: 1/21/2009 3:00:56 AM - Software Distribution Service 3.0
    RP500: 1/22/2009 3:00:51 AM - Software Distribution Service 3.0
    RP501: 1/23/2009 3:00:51 AM - Software Distribution Service 3.0
    RP502: 1/24/2009 3:00:59 AM - Software Distribution Service 3.0
    RP503: 1/25/2009 3:00:49 AM - Software Distribution Service 3.0
    RP504: 1/25/2009 3:20:05 PM - Software Distribution Service 3.0
    RP505: 1/26/2009 3:01:09 AM - Software Distribution Service 3.0
    RP506: 1/26/2009 3:26:14 PM - Software Distribution Service 3.0
    RP507: 1/27/2009 3:00:46 AM - Software Distribution Service 3.0
    RP508: 1/28/2009 3:00:42 AM - Software Distribution Service 3.0
    RP509: 1/29/2009 3:00:44 AM - Software Distribution Service 3.0
    RP510: 1/30/2009 3:00:44 AM - Software Distribution Service 3.0
    RP511: 1/31/2009 3:00:51 AM - Software Distribution Service 3.0
    RP512: 2/2/2009 3:00:45 AM - Software Distribution Service 3.0
    RP513: 2/3/2009 3:00:47 AM - Software Distribution Service 3.0
    RP514: 2/4/2009 3:00:47 AM - Software Distribution Service 3.0
    RP515: 2/5/2009 4:38:05 AM - System Checkpoint
    RP516: 2/6/2009 3:00:48 AM - Software Distribution Service 3.0
    RP517: 2/7/2009 3:00:49 AM - Software Distribution Service 3.0
    RP518: 2/8/2009 3:00:53 AM - Software Distribution Service 3.0
    RP519: 2/9/2009 3:00:55 AM - Software Distribution Service 3.0
    RP520: 2/10/2009 3:00:43 AM - Software Distribution Service 3.0
    RP521: 2/11/2009 3:00:52 AM - Software Distribution Service 3.0
    RP522: 2/12/2009 3:00:45 AM - Software Distribution Service 3.0
    RP523: 2/13/2009 6:43:20 AM - System Checkpoint
    RP524: 2/13/2009 4:45:07 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
    RP525: 2/13/2009 4:47:29 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
    RP526: 2/13/2009 5:53:16 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
    RP527: 2/15/2009 3:00:52 AM - Software Distribution Service 3.0
    RP528: 2/16/2009 3:00:51 AM - Software Distribution Service 3.0
    RP529: 2/17/2009 3:00:40 AM - Software Distribution Service 3.0
    RP530: 2/18/2009 3:00:40 AM - Software Distribution Service 3.0
    RP531: 2/19/2009 3:00:43 AM - Software Distribution Service 3.0
    RP532: 2/19/2009 3:53:15 PM - Restore Operation
    RP533: 2/19/2009 5:49:18 PM - Restore Operation
    RP534: 2/20/2009 8:50:24 PM - Software Distribution Service 3.0
    RP535: 3/7/2009 1:54:30 PM - Restore Operation
    RP536: 3/27/2009 3:15:40 PM - Restore Operation

    ==== Installed Programs ======================

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AdWare SpyWare SE
    Aluria Firewall
    AOL Deskbar
    AOL Toolbar
    AOL Uninstaller
    AOL You've Got Pictures Screensaver
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon Digital Camera USB WIA Driver
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCScore
    DP Editor Ver.1.0
    DVD Solution
    e-Watch Camera Viewer
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Exif Launcher Ver.1.0
    Exif Viewer Ver.1.1
    fflink
    Google Updater
    HijackThis 1.99.1
    Hotfix for Windows XP (KB952287)
    HP Product Detection
    IEEE 802.11g Wireless Cardbus/PCI Adapter
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 11
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Lexmark 510 Series
    LightScribe 1.4.31.1
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access 2003 Runtime
    Microsoft Office Professional Edition 2003
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multimedia Launcher
    netbrdg
    OfotoXMI
    PeoplePC Common Authentication
    PowerDVD
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    staticcr
    Symantec AntiVirus
    tooltips
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Media Player
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows XP Service Pack 3
    WIRELESS

    ==== Event Viewer Messages From Past Week ========

    4/2/2009 9:46:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/1/2009 8:29:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips IPSec MRxSmb NetBIOS NetBT P3 RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip
    4/1/2009 8:29:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2009 8:29:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2009 8:29:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2009 8:29:20 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The configuration registry database is corrupt.
    4/1/2009 8:28:19 PM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    4/1/2009 8:28:19 PM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    4/3/2009 10:18:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    4/3/2009 10:27:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/6/2009 6:41:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    4/6/2009 7:12:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 eeCtrl Fips P3 SAVRT SAVRTPEL SYMTDI
    4/8/2009 11:19:10 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    4/8/2009 1:27:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips P3 SAVRT SAVRTPEL SYMTDI
    4/8/2009 1:54:48 PM, error: E100B [4] - Adapter Intel(R) PRO/100+ MiniPCI: Adapter Link Down

    ==== End Of File ===========================

    I appreciate your patience, Juliet! Thanks
     
  18. 2009/04/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Let's see if we can get ComboFix on the computer now.

    Again, you may need to transfer it over via a Flash/USB drive.

    Download Combofix from any of the links below.
    Save it to your desktop.

    Link 1
    Link 2
    Link 3


    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  19. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Joined:
    2009/04/01
    Messages:
    56
    Likes Received:
    0
    Ran OTMove It again, attached is the log:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\TEMP\ t4.bak not found.
    File/Folder C:\TEMP\ t4.bak1 not found.
    File/Folder C:\TEMP\ t4.bak2 not found.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_184845

    This log looked to me like it accomplished its goal??
    Sorry, the computer still boots to the lsass error message.
     
  20. 2009/04/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Yes, OTMoveIt carried out as instructed.

    Let's see if we can get ComboFix on the computer now.

    Again, you may need to transfer it over via a Flash/USB drive.

    Download Combofix from any of the links below.
    Save it to your desktop.

    Link 1
    Link 2
    Link 3


    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  21. 2009/04/08
    Nana of 4

    Nana of 4 Well-Known Member Thread Starter

    Joined:
    2009/04/01
    Messages:
    56
    Likes Received:
    0
    Juliet,
    I have Combofix installed. I get a message that real time scanners Authentium and Symantec are active. You stated that I could disable them on the tray. I can't see the tray icons in safe mode. Can you tell me how else to access them and shut them down? Thanks for all your effort to help, it's greatly appreciated! Nana
     