Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vista security 2012 virus


  • This topic is locked This topic is locked

#1
remember_jordana

remember_jordana

    Member

  • Member
  • PipPip
  • 61 posts
The Vista home Security 2012 came up on our PC today. Saying the PC was infected by Trojan-BNK.win32.keylogger.gen

The pop-up will not allow any access to the internet without downloading the popup. I am unable to download anything from geekstogo or any other site because of this. I am using our other PC to access the internet for help.

I have tried downloading OTL and Malawarebytes from the clean PC, however, it will not allow me to put it on a cd or pindrive, so that I can move it to the infected PC.

Please help.

Edited by remember_jordana, 19 June 2011 - 10:28 AM.

  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Are you able to access in the internet on the infected pc?

You can't transfer files on a USB ?
  • 0

#3
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I cannot access the internet at all. Internet starts to open the typed in site address (like yahoo.com or geekstogo.com) and automatically redirects to the download for the trojan.

I have tried to download both malwarebytes and OTL to a USB (with my clean PC), both tell me "Cannot be saved to this location".
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

have you tried downloading them to your pc first maybe to the desktop then attempt to transfer them to the USB, do not chose the save location while downloading the USB stick.
  • 0

#5
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I have downloaded malwarebytes then cut and pasted to USB. Infected PC would not accept file so I changed the name of the .exe to a random name. Infected PC accepted then. Running a Malwarebytes scan now.
  • 0

#6
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
First, I tried Malwarebytes. It did not find or remove the trojan/virus.

Second, the trojan/virus blocked the extra.txt file (a popup actually came up saying so), so it never showed up with the OTL.txt

I followed these directions for the OTL program:
•Underneath Output at the top change it to Minimal Output.
•Under the Standard Registry box change it to All.
•Check the boxes beside LOP Check and Purity Check.
•Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
◦Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Here is the OTL.txt file:

OTL logfile created on: 6/19/2011 5:25:54 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.14% Memory free
5.96 Gb Paging File | 5.15 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 123.17 Gb Free Space | 42.75% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 955.59 Mb Free Space | 99.16% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jennifer\AppData\Local\ari.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\System32\atwtusb.exe ()
PRC - C:\Windows\System32\WTMKM.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxczcoms.exe ( )
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Windows\System32\lxcrcoms.exe ( )
PRC - C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (lxcr_device) -- C:\Windows\System32\lxcrcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/20 03:03:22 | 000,000,000 | ---D | M]

[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/06/08 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions
[2010/06/08 20:52:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/09/22 03:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110619164219.dll (McAfee, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [3869027225] C:\Users\Jennifer\AppData\Local\ari.exe (Microsoft Corporation)
O4 - HKCU..\Run: [asp70vdviss.exe] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [jnqbrqnc] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ypegogibuxidetay] File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([rw3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: armyfrg.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: battle.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10649fd9-71e0-11de-9044-002197aaeb29}\Shell - "" = AutoRun
O33 - MountPoints2\{10649fd9-71e0-11de-9044-002197aaeb29}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Jennifer\AppData\Local\ari.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Jennifer\AppData\Local\ari.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 17:22:17 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/19 16:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 16:41:52 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 16:41:36 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 16:41:36 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 16:41:35 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 16:41:35 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 16:41:35 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 16:41:34 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 16:41:34 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 16:41:34 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 16:41:33 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/19 04:56:31 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Users\Jennifer\AppData\Local\ari.exe
[2011/06/18 01:30:35 | 000,465,920 | -H-- | C] (eSafe) -- C:\ProgramData\NrIAdsssyo.exe
[2011/06/17 12:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 12:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 00:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/06/14 00:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/14 00:23:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Tarma Installer
[2011/06/14 00:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/05/29 23:14:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/29 22:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 19:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 19:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 19:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 19:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 19:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 19:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 19:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 19:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 19:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 19:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 19:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 19:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 19:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 19:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 22:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 22:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 22:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 22:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 22:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 22:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 22:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 22:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 22:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 22:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 22:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 22:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 22:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/19 17:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 17:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 17:24:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/19 17:11:45 | 000,015,782 | -HS- | M] () -- C:\ProgramData\h5j433t77k
[2011/06/19 17:11:41 | 000,015,782 | -HS- | M] () -- C:\Users\Jennifer\AppData\Local\h5j433t77k
[2011/06/19 17:10:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 17:06:05 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 17:06:05 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 17:05:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/19 17:05:54 | 3085,422,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 16:53:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/19 10:44:03 | 000,000,120 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\Pkojiyasomiz.dat
[2011/06/19 10:44:03 | 000,000,000 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\Emucalirikijiraz.bin
[2011/06/19 04:56:31 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Users\Jennifer\AppData\Local\ari.exe
[2011/06/18 10:21:28 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/18 01:49:18 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~49862524
[2011/06/18 01:48:57 | 000,410,624 | -H-- | M] () -- C:\ProgramData\49862524.exe
[2011/06/18 01:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/06/18 01:30:34 | 000,465,920 | -H-- | M] (eSafe) -- C:\ProgramData\NrIAdsssyo.exe
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/19 05:06:41 | 000,015,782 | -HS- | C] () -- C:\Users\Jennifer\AppData\Local\h5j433t77k
[2011/06/19 05:06:41 | 000,015,782 | -HS- | C] () -- C:\ProgramData\h5j433t77k
[2011/06/18 01:49:17 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~49862524
[2011/06/18 01:48:56 | 000,410,624 | -H-- | C] () -- C:\ProgramData\49862524.exe
[2011/03/30 19:31:25 | 000,000,120 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\Pkojiyasomiz.dat
[2011/03/30 19:31:25 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\Emucalirikijiraz.bin
[2011/03/01 19:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 19:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 11:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 13:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 13:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 00:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 00:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 01:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 19:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/06 22:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 20:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 20:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 20:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 20:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 20:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 20:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 20:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 20:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 20:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 20:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 20:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/04/27 22:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 22:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 14:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/23 23:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/23 23:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/22 20:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 20:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 13:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 21:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 21:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 21:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 10:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 11:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 17:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:46:03 | 000,000,009 | -H-- | C] () -- C:\Windows\System32\comsats.sys
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 13:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 03:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/04/02 04:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F
[2009/11/20 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Acoustica
[2010/03/20 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2010/07/09 13:16:20 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\NeopleLauncherDFO
[2009/02/22 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PlayFirst
[2010/02/27 16:02:17 | 000,000,000 | -HSD | M] -- C:\Users\Jennifer\AppData\Roaming\Security Antivirus
[2011/03/14 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\SPORE
[2010/11/23 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009/02/22 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2011/06/19 17:04:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/19 17:24:00 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job

========== Purity Check ==========



< End of report >

Edited by remember_jordana, 19 June 2011 - 04:34 PM.

  • 0

#7
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I was able to get this after some hunting:


OTL Extras logfile created on: 6/19/2011 5:25:54 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 67.37% Memory free
5.96 Gb Paging File | 5.14 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 123.17 Gb Free Space | 42.75% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 955.59 Mb Free Space | 99.16% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Jennifer\AppData\Local\ari.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FFC30A5-82DA-45A6-8807-B748801F5FDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{2029AB4A-974F-4FF0-9FD0-E633CF2AFF0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39ACB875-88AA-4019-8AD2-4D8DBFB0E354}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3CEEEB08-84C8-47EB-A3BC-EC2C2C52B4E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F21EF30-6ECD-4429-96A9-4BE3929A4C8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{655105E8-832F-4790-8B03-30B162EBFEC7}" = rport=139 | protocol=6 | dir=out | app=system |
"{69862C35-8F28-4C4D-9420-CE9741508E8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6BEC7593-D9D1-4B66-A40A-BAF8F9CC1094}" = lport=139 | protocol=6 | dir=in | app=system |
"{76A0D16C-0716-4591-BB58-ECAD9999CC7C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{82B0275C-612D-4788-8EC4-DDEF76D6E832}" = lport=137 | protocol=17 | dir=in | app=system |
"{87CDB451-62BB-482F-AA73-1E13FB9C4C53}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{9FF112EC-ED27-432A-9830-E41CD14B3AEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{F06D25D3-F5CD-4E70-BF83-24A46554ACD8}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [3869027225] C:\Users\Jennifer\AppData\Local\ari.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [asp70vdviss.exe] File not found
    O4 - HKCU..\Run: [jnqbrqnc] File not found
    O4 - HKCU..\Run: [Ypegogibuxidetay] File not found
    O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = File not found
    O35 - HKCU\..exefile [open] -- "C:\Users\Jennifer\AppData\Local\ari.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Jennifer\AppData\Local\ari.exe" -a "%1" %* (Microsoft Corporation)
    [2011/06/19 04:56:31 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Users\Jennifer\AppData\Local\ari.exe
    [2011/06/18 01:30:35 | 000,465,920 | -H-- | C] (eSafe) -- C:\ProgramData\NrIAdsssyo.exe
    [2011/06/19 17:11:45 | 000,015,782 | -HS- | M] () -- C:\ProgramData\h5j433t77k
    [2011/06/19 17:11:41 | 000,015,782 | -HS- | M] () -- C:\Users\Jennifer\AppData\Local\h5j433t77k
    [2011/06/18 01:49:18 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~49862524
    [2011/06/18 01:48:57 | 000,410,624 | -H-- | M] () -- C:\ProgramData\49862524.exe
    [2011/03/30 19:31:25 | 000,000,120 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\Pkojiyasomiz.dat
    [2011/03/30 19:31:25 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\Emucalirikijiraz.bin
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

  • 0

#9
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
OTL scan after "run fix"

OTL logfile created on: 6/19/2011 11:45:40 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.10% Memory free
5.95 Gb Paging File | 5.09 Gb Available in Paging File | 85.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 133.31 Gb Free Space | 46.27% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 951.45 Mb Free Space | 98.73% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atwtusb.exe ()
PRC - C:\Windows\System32\WTMKM.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxczcoms.exe ( )
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Windows\System32\lxcrcoms.exe ( )
PRC - C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McProxy) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (lxcr_device) -- C:\Windows\System32\lxcrcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/06/08 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions
[2010/06/08 20:52:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/09/22 03:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/06/19 23:29:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110619164219.dll (McAfee, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([rw3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: armyfrg.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: battle.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10649fd9-71e0-11de-9044-002197aaeb29}\Shell - "" = AutoRun
O33 - MountPoints2\{10649fd9-71e0-11de-9044-002197aaeb29}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 23:29:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/19 23:29:22 | 004,130,419 | ---- | C] (Swearware) -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2011/06/19 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 17:22:17 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/19 16:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 16:41:52 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 16:41:36 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 16:41:36 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 16:41:35 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 16:41:35 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 16:41:35 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 16:41:34 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 16:41:34 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 16:41:34 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 16:41:33 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/17 12:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 12:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 00:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/06/14 00:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/14 00:23:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Tarma Installer
[2011/06/14 00:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/05/29 23:14:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/29 22:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 19:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 19:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 19:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 19:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 19:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 19:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 19:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 19:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 19:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 19:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 19:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 19:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 19:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 19:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 22:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 22:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 22:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 22:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 22:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 22:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 22:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 22:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 22:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 22:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 22:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 22:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 22:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/19 23:44:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/19 23:41:38 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 23:40:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 23:40:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 23:40:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/19 23:40:17 | 3085,381,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 23:29:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/19 23:27:38 | 004,130,419 | ---- | M] (Swearware) -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2011/06/19 22:53:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/19 17:45:43 | 000,043,520 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 17:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 17:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/18 10:21:28 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/18 01:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml

========== Files Created - No Company Name ==========

[2011/03/01 19:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 19:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 11:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 13:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 13:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 00:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 00:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 01:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 19:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/06 22:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 20:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 20:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 20:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 20:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 20:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 20:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 20:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 20:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 20:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 20:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 20:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/04/27 22:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 22:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 14:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/23 23:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/23 23:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/22 20:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 20:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 13:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 21:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 21:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 21:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 10:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 11:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 17:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:46:03 | 000,000,009 | -H-- | C] () -- C:\Windows\System32\comsats.sys
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 13:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 03:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/04/02 04:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F
[2009/11/20 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Acoustica
[2010/03/20 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2010/07/09 13:16:20 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\NeopleLauncherDFO
[2009/02/22 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PlayFirst
[2010/02/27 16:02:17 | 000,000,000 | -HSD | M] -- C:\Users\Jennifer\AppData\Roaming\Security Antivirus
[2011/03/14 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\SPORE
[2010/11/23 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009/02/22 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2011/06/19 23:39:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/19 23:44:00 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job

========== Purity Check ==========



< End of report >



----------------------------------------------------------------------------------------------------------------------------------------------------------------

Combofix report:

ComboFix 11-06-17.04 - Jennifer 06/19/2011 23:52:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1951 [GMT -5:00]
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Jennifer\AppData\Roaming\Adobe\plugs
c:\users\Jennifer\AppData\Roaming\Adobe\shed
c:\users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Jennifer\AppData\Roaming\Security Antivirus
c:\users\Jennifer\AppData\Roaming\Security Antivirus\Instructions.ini
c:\windows\system32\comsats.sys
c:\windows\system32\Install.txt
c:\windows\system32\spool\prtprocs\w32x86\LXBCPP5C.DLL
c:\windows\system32\tukdtjsr.txt
c:\windows\Update.bat
.
----- BITS: Possible infected sites -----
.
hxxp://ads1.msads.net
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 05:23 . 2011-06-20 05:23 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2011-06-20 05:23 . 2011-06-20 05:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-20 04:48 . 2011-06-20 04:49 -------- d-----w- C:\32788R22FWJFW
2011-06-20 04:29 . 2011-06-20 04:29 -------- d-----w- C:\_OTL
2011-06-19 21:47 . 2011-05-25 00:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2CFE1BB-715C-4A91-A759-79F3B004938C}\mpengine.dll
2011-06-19 21:42 . 2011-03-24 13:41 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-19 21:41 . 2011-03-24 13:41 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-19 21:41 . 2011-03-24 13:41 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-19 21:41 . 2011-03-24 13:41 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-19 21:41 . 2011-03-24 13:41 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-19 21:41 . 2011-03-24 13:41 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-19 21:41 . 2011-03-24 13:41 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-19 21:41 . 2011-03-24 13:41 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-19 21:41 . 2011-03-24 13:41 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-19 21:41 . 2011-03-24 13:41 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-19 21:41 . 2011-03-24 13:41 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-17 17:46 . 2011-06-17 17:47 -------- d--h--w- c:\windows\system32\Updates
2011-06-17 17:43 . 2011-06-17 17:47 -------- d--h--w- c:\windows\system32\Data
2011-06-14 05:24 . 2011-06-14 05:24 -------- d-----w- c:\program files\Conduit
2011-06-14 05:24 . 2011-06-14 05:24 -------- d-----w- c:\users\Jennifer\AppData\Local\Conduit
2011-06-14 05:24 . 2011-06-14 05:24 -------- d-----w- c:\program files\PageRage
2011-06-14 05:23 . 2011-06-14 05:23 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2009-10-03 02:12 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2011-03-28 16:22 176936 ----a-w- c:\program files\PageRage\prxtbPage.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-03 18:25 194848 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
.
c:\users\Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire4\LimeWire.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Chris & Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire4\LimeWire.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jennifer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 23:08 293168 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 08:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 16:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 17:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-03-16 23:33 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
2007-09-24 21:57 57344 ----a-w- c:\program files\Ideazon\ZEngine\Zboard.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-24 55840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-24 84264]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-06 3596528]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2007-10-18 56448]
R3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_X86.sys [2008-01-08 238072]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-24 164840]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-24 141792]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2007-12-05 364192]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-24 313288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 03:32]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 03:32]
.
2011-06-20 c:\windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
- c:\windows\system32\msfeedssync.exe [2011-01-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0109&m=et1161-07
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: army.mil\rw3
Trusted Zone: armyfrg.org\www
Trusted Zone: battle.net
Trusted Zone: blizzard.com\us
Trusted Zone: yahoo.com\www
TCP: DhcpNameServer = 10.0.0.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - hxxps://video.globalwageringservice.com/canvid/canvidplayer8.2.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\users\Jennifer\Desktop\Malwarebytes' Anti-Malware\gogetum2.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Security Antivirus - c:\programdata\48b5b94\SA48b5.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 00:23
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-900549949-4010315702-2149795806-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,94,e2,3e,39,fe,2c,55,f2,26,71,1f,f6,69,fc,42,e5,13,41,74,d6,
d5,a1,b7,50,bf,dd,0c,dc,67,83,af,05,82,03,1a,f4,1f,1c,98,20,91,b1,7a,67,84,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-06-20 00:26:58
ComboFix-quarantined-files.txt 2011-06-20 05:26
.
Pre-Run: 143,004,917,760 bytes free
Post-Run: 144,716,308,480 bytes free
.
- - End Of File - - 5F8291CF4DC962F8BD22EB009FA172D1
  • 0

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

are you able to now use the internet on the infected pc ?
  • 0

Advertisements


#11
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Sorry, but no.

It will not even come up at all now.

I get the following message:

"illegal operation attempted on a registry key that has been marked for deletion"
  • 0

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

try to reboot the pc and see if that error is gone.
  • 0

#13
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I rebooted.

Internet is up and running.
  • 0

#14
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
also there has still been no popups or anything from the trojan.
  • 0

#15
remember_jordana

remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
is it safe now.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP