WiredWX Hobby Weather ToolsLog in

 


Red X (cross) icon by C: drive

2 posters

descriptionSolvedRed X (cross) icon by C: drive

more_horiz
I've tried to search the forum for this issue but couldn't find anything. I am working on a computer whose onboard LAN port is not working (not found in Device Manager) I have put in a PCI Network Card. That was recognized and is working. The machine does not seem to be running as fast as I think it should be, although it isn't bad. It is using XP SP3 with WebRoot AntiVirus with SpySweeper.
When working on this I noticed a red X icon in front of the C: drive when I explore or use My Computer. In searching the web I found mention of this being a result of the Vundo virus.
I installed, updated and ran Malwarebytes and CCleaner. I did a full scan (just to be sure) and nothing was found. I cleaned what was found by CCleaner.
I ran HiJack This and the report follows.
I have 2 questions--1. Could anything listed be responsible for the onboard LAN port not working? 2. Is there still some sort of virus/malware that is still on the machine that is not picked up by the updated WebRoot and MBAM that would be causing the Red X? If not, how can I get rid of that red X?

Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:57 AM, on 11/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://frontier.my.yahoo.com/?_bc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live OneCare Health Monitor (OcHealthMon) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 6824 bytes

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionSolvedOTL.txt file

more_horiz
OTL logfile created on: 11/11/2010 6:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 47.00% Memory free
916.00 Mb Paging File | 579.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.39 Gb Total Space | 72.46 Gb Free Space | 81.98% Space Free | Partition Type: NTFS
Drive D: | 4.76 Gb Total Space | 2.71 Gb Free Space | 56.97% Space Free | Partition Type: FAT32

Computer Name: PAULASUBEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 18:33:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/05/17 14:15:36 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 14:20:10 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 11:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/08 16:52:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/02/08 16:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2007/01/06 14:22:36 | 000,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1131383480\EE\aolsoftware.exe
PRC - [2005/11/07 11:00:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/09/26 17:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 18:33:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/09/18 10:32:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/09/18 10:32:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/17 14:15:36 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2005/11/07 11:00:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - [2009/11/06 11:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 11:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 11:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/11/20 07:44:36 | 000,056,728 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSFilter.sys -- (ADSFilter) ADSFilter - (EarthLink Filter Driver)
DRV - [2005/11/07 11:11:57 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/26 17:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 10:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/12 14:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 19:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 19:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/29 14:24:42 | 000,033,280 | ---- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102)
DRV - [2002/05/03 12:56:24 | 000,024,528 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 12:12:20 | 000,020,573 | ---- | M] (The Linksts Group ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LNE100.SYS -- (pnicII)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://frontier.my.yahoo.com/?_bc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4E FE 67 25 1D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 13:21:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/10 08:43:16 | 000,000,000 | ---D | M]

[2010/11/10 08:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/10 08:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\extensions
[2010/11/10 08:44:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/10 08:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/17 17:05:19 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bnsf.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Filter\text/html {07851C6A-1C43-41d9-8319-BC89154A8C00} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awtro.dll) - C:\WINDOWS\System32\awtro.dll File not found
O30 - LSA: Authentication Packages - (ws.common-controls_6595b64144ccf1df) - File not found
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{457a41d1-ac98-11de-8122-0040caaf485f}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 01:28:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/11/10 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/10 22:13:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/10 22:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/10 22:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/10 08:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/11/09 13:28:09 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\drivers\ADM8511.SYS
[2010/11/09 13:28:09 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/11/09 09:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/11/09 00:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/08 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/08 23:25:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 23:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/08 23:25:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 23:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/08 23:04:51 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/08 23:04:24 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/11/08 23:02:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/11/08 21:47:26 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\drivers\LNE100.SYS
[2010/11/08 21:47:26 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/11/08 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAVICOM
[2010/11/08 16:27:41 | 000,033,280 | ---- | C] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\drivers\DM9PCI5.SYS
[2010/11/08 16:27:41 | 000,033,280 | ---- | C] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/11/08 15:05:36 | 000,000,000 | ---D | C] -- C:\Downloads
[2007/06/17 13:56:10 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2007/06/17 13:56:10 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2007/06/17 13:56:09 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2007/06/17 13:56:09 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2007/06/17 13:56:08 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2007/06/17 13:56:08 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2007/06/17 13:56:07 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2007/06/17 13:56:07 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2007/06/17 13:56:07 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2007/06/17 13:56:05 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2007/06/17 13:56:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2007/06/17 13:56:02 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 18:25:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/11/11 18:25:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/11/11 18:25:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/11 18:25:10 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 18:24:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 18:24:13 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 10:36:50 | 001,720,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wlogs_101111-000891_11-11-2010-10.32AM.zip
[2010/11/11 10:36:49 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/11/11 09:45:45 | 000,001,692 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LBA3BB4F3FF8D4918B44E246F3845E385.job
[2010/11/11 09:14:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/11 09:14:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/11 01:44:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/11 01:44:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/11 01:08:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/11 01:08:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/11 00:37:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/11 00:37:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/10 22:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (FullScan).job
[2010/11/10 10:07:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/11/10 10:07:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/11/10 08:42:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2010/11/09 16:41:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/11/09 16:41:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/11/09 13:09:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/11/09 13:09:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/11/09 12:41:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/11/09 12:41:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/11/09 09:02:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/09 08:50:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/11/09 08:50:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/11/09 08:19:09 | 000,476,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/09 01:10:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/11/09 01:10:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/11/09 01:07:51 | 000,344,930 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20101109_010733.reg
[2010/11/09 00:48:48 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/08 23:25:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 21:44:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/11/08 21:44:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/11/08 16:17:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/11/08 16:17:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/11/08 16:05:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/11/08 16:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/11/08 15:38:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/11/08 15:38:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/11/08 15:33:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/11/08 15:33:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/11/08 15:24:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/11/08 15:24:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/11/08 15:22:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/11/08 15:22:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/11/08 13:21:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/08 08:07:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/11/08 08:07:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/11/08 08:03:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/11/08 08:03:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 10:36:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/11/11 10:35:57 | 001,720,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wlogs_101111-000891_11-11-2010-10.32AM.zip
[2010/11/09 09:02:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/09 01:07:42 | 000,344,930 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20101109_010733.reg
[2010/11/09 00:48:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/08 23:25:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 14:57:25 | 401,068,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 13:21:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 16:00:28 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2010/06/21 14:23:33 | 000,107,963 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2009/11/06 11:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2007/06/17 14:03:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/06/17 14:03:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/06/17 13:58:37 | 000,000,475 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2007/06/17 13:57:57 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2007/06/17 13:57:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2007/06/17 13:57:03 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/06/17 13:56:10 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2007/06/17 13:56:09 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2007/01/06 15:47:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2007/01/05 16:58:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/10/04 06:07:24 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/13 19:07:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/16 18:21:46 | 000,000,549 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/08/08 17:52:54 | 000,006,492 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/07/22 11:57:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/01 16:14:36 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/05/06 18:24:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 16:54:40 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/15 05:58:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/25 16:39:53 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\LMLayout.dat
[2006/03/11 10:38:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/03/04 10:35:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/02/17 20:19:07 | 000,001,053 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2006/02/17 20:18:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2006/02/11 19:59:24 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\LMCPaper.dat
[2006/02/11 18:54:20 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006/02/11 18:54:20 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/11 18:53:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/02/11 18:53:41 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/11 18:11:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/11 17:55:05 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\LMLayout.dat
[2006/02/11 12:08:02 | 000,000,019 | ---- | C] () -- C:\WINDOWS\vaLangChoice.ini
[2006/02/11 12:07:26 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2005/11/07 11:40:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/07 11:40:22 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/07 11:40:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/07 11:40:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/07 11:40:20 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/07 11:40:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/11/07 11:40:17 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/11/07 11:09:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/11/07 11:09:10 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/07 11:06:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 04:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 10:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 10:12:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/26 10:12:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/26 10:12:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/26 10:12:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/26 10:12:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/26 04:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/17 09:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/17 15:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1997/09/12 15:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== Files - Unicode (All) ==========
[2010/11/10 21:13:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\s?stem) -- C:\Documents and Settings\Owner\My Documents\sуstem
[2007/12/11 19:32:40 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2007/12/11 19:32:40 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2007/12/09 06:00:49 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\s?stem) -- C:\Documents and Settings\Owner\My Documents\sуstem
(C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe:SummaryInformation

< End of report >

descriptionSolvedExtras. txt file

more_horiz
OTL Extras logfile created on: 11/11/2010 6:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 47.00% Memory free
916.00 Mb Paging File | 579.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.39 Gb Total Space | 72.46 Gb Free Space | 81.98% Space Free | Partition Type: NTFS
Drive D: | 4.76 Gb Total Space | 2.71 Gb Free Space | 56.97% Space Free | Partition Type: FAT32

Computer Name: PAULASUBEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1131383480\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131383480\EE\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- (America Online, Inc)
"C:\WINDOWS\system32\lxczcoms.exe" = C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5MHTHXHX\incredimail_install[1].exe" = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5MHTHXHX\incredimail_install[1].exe:*:Disabled:IncrediMail Installer -- File not found
"C:\WINDOWS\system32\osxjiiup.exe" = C:\WINDOWS\system32\osxjMAIL\BIN\IMAPP.EXE -- File not found
"C:\WINDOWS\system32\pjthfkdf.exe" = C:\WINDOWS\system32\pjthmail\bin\imapp.exe -- File not found
"E:\Release\Frontier.exe" = E:\Release\Frontier.exe:*:Enabled:Frontier Gateway Installation Wizard -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07B1BDFB-2596-426B-89E9-E82BF8D3BBED}" = EarthLink Common Authentication
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{53661815-565E-4553-9D1A-D0666336B1C9}" = ArcSoft Software Suite
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7A724058-2D43-11D6-AD5B-00105AE20051}" = ViewAhead Photo Center
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{920BECA3-0C85-4E56-AA3C-4367859F3FBF}" = Protection Control Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5B68275-CC72-4F25-95C3-EDF2F4A49BB4}" = Perfect Scrapbook Maker
"{D9E09B07-6C95-11D5-AEBB-00606E910201}" = DM9XInst
"{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}" = Hallmark Card Studio 2005
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"225af9a1-b556-11d5-94aa-0010b5426419" = MyDSC_CIF
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVDFab Platinum_is1" = DVDFab Platinum 2.62
"Eyles_Comprehensive_Review" = Eyles 15e
"Hallmark Card Studio" = Hallmark Card Studio
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NCLEX Questions" = NCLEX Questions
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Simplified Family Legal Forms Kit" = Simplified Family Legal Forms Kit
"The Print Shop 6.0" = The Print Shop®
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}" = My Wal-Mart Digital Photo Center
"GoToMeeting" = GoToMeeting 2.0.0.127
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2010 2:47:22 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 3:14:49 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 3:14:53 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 10:59:49 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 10:59:53 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 11:16:21 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 11:16:26 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 8:27:59 PM | Computer Name = PAULASUBEN | Source = nview_info | ID = 11141121
Description =

Error - 11/11/2010 8:29:06 PM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 8:29:11 PM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

[ System Events ]
Error - 11/9/2010 6:40:58 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 10:36:36 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 7:27:32 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 9:07:33 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 9:12:44 PM | Computer Name = PAULASUBEN | Source = System Error | ID = 1003
Description = Error code 00000077, parameter1 c000000e, parameter2 c000000e, parameter3
00000000, parameter4 00778000.

Error - 11/11/2010 2:43:32 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/11/2010 3:10:34 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/11/2010 10:55:23 AM | Computer Name = PAULASUBEN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.5 for the Network Card with network
address 0080AD071F06 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).

Error - 11/11/2010 10:55:44 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/11/2010 8:24:51 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2


< End of report >

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awtro.dll) - C:\WINDOWS\System32\awtro.dll File not found
    O30 - LSA: Authentication Packages - (ws.common-controls_6595b64144ccf1df) - File not found
    O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found

    :files
    C:\sqmdata**.sqm
    C:\sqmnoopt**.sqm

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

descriptionSolvedfix log

more_horiz
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awtro.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ws.common-controls_6595b64144ccf1df deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:indows.common-controls_6595b641 deleted successfully.
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== COMMANDS ==========
C:\Program Files\ѕecurity folder moved successfully.
C:\Documents and Settings\Owner\My Documents\sуstem folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50619071 bytes
->Temporary Internet Files folder emptied: 458679 bytes
->FireFox cache emptied: 3383710 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 599336 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Owner
->Temp folder emptied: 45253577 bytes
->Temporary Internet Files folder emptied: 27986062 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23726951 bytes
->Flash cache emptied: 6181 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4900 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 36476474 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 137112 bytes
RecycleBin emptied: 1607846 bytes

Total Files Cleaned = 182.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11112010_193606

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF85AF.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF85BF.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF863B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF864E.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8742.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8752.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6U2QJ32T\red-x-cross-icon-by-c-drive-t24700[3].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3R25A6A3\2115340[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionSolvedMBAM log

more_horiz
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5104

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2010 8:20:15 PM
mbam-log-2010-11-12 (20-20-15).txt

Scan type: Quick scan
Objects scanned: 153952
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Red X (cross) icon by C: drive CF_download_FF

    Red X (cross) icon by C: drive CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Red X (cross) icon by C: drive Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Red X (cross) icon by C: drive Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionSolvedcombo-fix txt

more_horiz
ComboFix 10-11-12.06 - Owner 11/13/2010 22:58:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.157 [GMT -6:00]
Running from: c:\downloads\Combo-Fix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\program files\RcvSystem
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\SAHS_popuplogo2.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\ndisapi.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_NDISRD
-------\Service_NDISRD
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-12 01:46 . 2010-11-14 04:07 4900 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-12 01:36 . 2010-11-12 01:36 -------- d-----w- C:\_OTL
2010-11-11 04:24 . 2010-11-11 04:24 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10
2010-11-11 04:13 . 2010-11-11 04:13 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-11 04:08 . 2010-11-11 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-11 04:05 . 2010-11-11 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-09 19:28 . 2001-08-17 18:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2010-11-09 19:28 . 2001-08-17 18:11 20160 ----a-w- c:\windows\system32\drivers\ADM8511.SYS
2010-11-09 15:08 . 2010-11-09 15:11 -------- d-----w- c:\program files\NirSoft
2010-11-09 06:48 . 2010-11-09 06:48 -------- d-----w- c:\program files\CCleaner
2010-11-09 05:26 . 2010-11-09 05:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-11-09 05:25 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-09 05:25 . 2010-11-09 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-09 05:25 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 05:24 . 2010-11-09 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-09 05:04 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-09 05:04 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-09 05:02 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-09 03:47 . 2001-08-17 18:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2010-11-09 03:47 . 2001-08-17 18:12 20573 ----a-w- c:\windows\system32\drivers\LNE100.SYS
2010-11-09 02:08 . 2010-11-09 02:08 -------- d-----w- c:\program files\DAVICOM
2010-11-08 22:27 . 2002-10-29 20:24 33280 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-11-08 22:27 . 2002-10-29 20:24 33280 ----a-w- c:\windows\system32\drivers\DM9PCI5.SYS
2010-11-08 21:05 . 2010-11-14 04:12 -------- d-----w- C:\Downloads
2010-11-08 19:11 . 2010-11-08 19:13 -------- d-----w- c:\documents and settings\Administrator
2010-11-08 14:04 . 2010-11-08 14:04 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:23 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-26 16:11 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-26 16:11 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-26 16:11 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-26 16:12 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-26 16:12 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-26 16:12 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-06-18 15:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-26 16:11 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"HostManager"="c:\program files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2007-01-06 50792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-07 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-11-7 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 11:00 AM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/17/2010 2:16 PM 1201640]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [11/9/2010 1:28 PM 20160]
S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);c:\windows\system32\drivers\ADSFilter.sys [11/20/2006 7:44 AM 56728]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/8/2010 11:25 PM 38224]
S3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [11/8/2010 9:47 PM 20573]
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\wrSpySweeper_LBA3BB4F3FF8D4918B44E246F3845E385.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-05-17 20:20]

2010-11-11 c:\windows\Tasks\wrSpySweeper_LBA3BB4F3FF8D4918B44E246F3845E385.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-05-17 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://frontier.my.yahoo.com/?_bc=1
Trusted Zone: bnsf.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE
SafeBoot-OneCareMP
AddRemove-{D9E09B07-6C95-11D5-AEBB-00606E910201} - c:\program files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ WinXP



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 23:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1840)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-11-13 23:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 05:16

Pre-Run: 77,799,362,560 bytes free
Post-Run: 77,697,187,840 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F899A156DC9959856644557EBDF7873D

descriptionSolvedWindows OneCare

more_horiz
Combo-Fix finds that Windows Live OneCare is running on this machine. It does not show up in Programs and in doing a search for it, I have tried deleting those instances of it. I also downloaded and ran the removal tool from MS. When I ran Combo-Fix a second time it still shows that OneCare is still active.
I'm not sure if this has affected the results of the Combo-Fix log. Is there another way to get rid of this program?
Thanks

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionSolvedESET log

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ab6e282c4dc28f458c6c6c8ffe25b39d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-15 04:10:42
# local_time=2010-11-14 10:10:42 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72000
# found=8
# cleaned=8
# scan_time=3920
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\SmitfraudFix.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\adware\PROCESS.EXE Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\setup.exe probably a variant of Win32/Agent.JHVCYJA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AOL\Installers\ASP 2.0\setup.exe probably a variant of Win32/Agent.JHVCYJA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Hello.
How is the machine running now?

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
Hi,
It seems to be running a bit better. I'm planning on increasing the memory so that will probably help with the speed.
The red X (cross) is still the icon in front of the C: drive. Apparently the removal of the various malware/trojans has not caused it to change back to the usual hard drive icon. Would the Windows OneCare still be on the machine and causing this to happen?
Is there anything else I could/should be doing to make sure the machine is clean?

Thanks for all the help so far.

descriptionSolvedRe: Red X (cross) icon by C: drive

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum