[ali.B]

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

Things i would like to see in your reply:

• Malwarebytes Results.
• Eset scanner report.
• Update on how your computer is running

[Advertisements]

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

6/21/2011 10:35:02 AM
mbam-log-2011-06-21 (10-35-02).txt

Scan type: Quick scan
Objects scanned: 127390
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------------------------------------------

C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Local\temp\NODAC52.tmp Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F\upd_debug.exe a variant of Win32/Kryptik.MCY trojan cleaned by deleting - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\arabesque debussy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\Muzik\im only happy when it rains (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\Muzik\jump on it.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\Muzik\right now akon.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\Preview-T-3555427-technologic draft punk.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\Preview-T-5079722-diamond in rhinestone world on top #1 hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\T-3555427-shopaholic verse (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\T-5079722-diamond in rhinestone world on top #1 hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Documents\LimeWire\Incomplete\T-5970745-going through motions (from new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Documents\LimeWire\Saved\Dreams\Donna Lewis - I love You Always Forever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\_OTL\MovedFiles\06192011_232951\C_ProgramData\49862524.exe a variant of Win32/Kryptik.PEN trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06192011_232951\C_ProgramData\NrIAdsssyo.exe a variant of Win32/Kryptik.PEN trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06192011_232951\C_Users\Jennifer\AppData\Local\ari.exe a variant of Win32/Kryptik.PFE trojan cleaned by deleting - quarantined

[remember_jordana]

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

6/21/2011 10:35:02 AM
mbam-log-2011-06-21 (10-35-02).txt

Scan type: Quick scan
Objects scanned: 127390
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------------------------------------------

C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Local\temp\NODAC52.tmp Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F\upd_debug.exe a variant of Win32/Kryptik.MCY trojan cleaned by deleting - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\arabesque debussy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\Muzik\im only happy when it rains (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\Muzik\jump on it.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Desktop\songs\Music1\Music\Muzik\right now akon.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\Preview-T-3555427-technologic draft punk.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\Preview-T-5079722-diamond in rhinestone world on top #1 hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\T-3555427-shopaholic verse (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Desktop\2 christopher\Brianna\Brianna\Documents\LimeWire\Incomplete\T-5079722-diamond in rhinestone world on top #1 hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Documents\LimeWire\Incomplete\T-5970745-going through motions (from new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Jennifer\Documents\LimeWire\Saved\Dreams\Donna Lewis - I love You Always Forever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\_OTL\MovedFiles\06192011_232951\C_ProgramData\49862524.exe a variant of Win32/Kryptik.PEN trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06192011_232951\C_ProgramData\NrIAdsssyo.exe a variant of Win32/Kryptik.PEN trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06192011_232951\C_Users\Jennifer\AppData\Local\ari.exe a variant of Win32/Kryptik.PFE trojan cleaned by deleting - quarantined

[remember_jordana]

Pc seems to be just fine. No popups or glitches that I can see.

[ali.B]

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[remember_jordana]

OTL logfile created on: 6/21/2011 4:41:13 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 52.94% Memory free
5.97 Gb Paging File | 4.94 Gb Available in Paging File | 82.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 133.35 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 951.33 Mb Free Space | 98.72% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atwtusb.exe ()
PRC - C:\Windows\System32\WTMKM.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Windows\System32\lxczcoms.exe ( )
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Windows\System32\lxcrcoms.exe ( )
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McProxy) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (lxcr_device) -- C:\Windows\System32\lxcrcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/06/08 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions
[2010/06/08 20:52:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/09/22 03:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/06/20 00:23:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110619164219.dll (McAfee, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKCU\..Trusted Domains: army.mil ([rw3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: armyfrg.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: battle.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/20 00:27:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/20 00:27:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/20 00:27:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2011/06/19 23:49:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/19 23:49:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/19 23:49:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/19 23:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/19 23:49:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/19 23:49:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 23:48:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/19 23:29:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/19 23:29:22 | 004,130,419 | R--- | C] (Swearware) -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2011/06/19 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 17:22:17 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/19 16:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 16:41:52 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 16:41:36 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 16:41:36 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 16:41:35 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 16:41:35 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 16:41:35 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 16:41:34 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 16:41:34 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 16:41:34 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 16:41:33 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/17 12:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 12:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 00:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/06/14 00:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/14 00:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/05/29 23:14:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/29 22:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 19:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 19:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 19:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 19:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 19:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 19:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 19:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 19:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 19:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 19:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 19:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 19:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 19:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 19:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 22:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 22:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 22:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 22:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 22:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 22:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 22:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 22:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 22:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 22:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 22:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 22:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 22:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/21 16:39:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/21 16:28:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 16:28:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 15:53:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 09:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 16:28:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/20 16:28:10 | 3085,369,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 00:23:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/19 23:27:38 | 004,130,419 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2011/06/19 17:45:43 | 000,043,520 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 17:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 17:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/18 10:21:28 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/18 01:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml

========== Files Created - No Company Name ==========

[2011/06/19 23:49:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/19 23:49:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/19 23:49:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/19 23:49:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/19 23:49:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/01 19:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 19:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 11:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 13:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 13:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 00:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 00:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 01:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 19:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/06 22:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 20:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 20:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 20:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 20:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 20:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 20:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 20:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 20:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 20:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 20:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 20:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/04/27 22:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 22:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 14:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/23 23:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/23 23:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/22 20:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 20:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 13:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 21:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 21:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 21:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 10:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 11:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 17:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 13:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 03:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/06/21 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F
[2009/11/20 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Acoustica
[2010/03/20 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2010/07/09 13:16:20 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\NeopleLauncherDFO
[2009/02/22 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PlayFirst
[2011/03/14 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\SPORE
[2010/11/23 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009/02/22 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2011/06/20 16:27:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/21 16:44:00 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job

========== Purity Check ==========



< End of report >

[ali.B]

hi

Congratulations your logs appear clean

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

• Click START then RUN
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

NEXT

• Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
• Click on the CleanUp button.
• Click Yes to begin the cleanup process and remove tools, including this application
• You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

• Keep Your windows up to date by regularly checking their website at:
  http://windowsupdate.microsoft.com/
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
• Click Here to learn how to keep a backup of your important files
  
  
• FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

Thank you

[remember_jordana]

I put the spywareguard on and added firefox.

We have only been to thottbot.com(with firefox) and on the game world of warcraft.

The Vista Home security 2012 came back. Pops up when we open Firefox now.

Edited by remember_jordana, 22 June 2011 - 07:36 PM.

[remember_jordana]

I can no longer access internet again on the infected pc.

Starting to get several popups saying different programs are infected by the vista home security 2012.

Edited by remember_jordana, 22 June 2011 - 07:38 PM.

[ali.B]

Hi

did you perform any downloads or plugged any external drives?

From the clean PC do this

• Please download Panda USB Vaccine here (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
• Install and run it.
• Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

Now

Please download Rogue Kill from here to your Desktop then move it to the USB.

Please download OTL to your Desktop then move it to the USB.

Now plug the USB on the infected system.

Move both files to the desktop.

Double-click on rkill.com to run it. You may need to run this program a few times to stop the malware process running. The malware will probably complain about being stopped but please ignore this. Do not reboot your computer after running rkill as the malware programs will start again.

Next

Double it on OTL to run it.

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.


Now move both logs to the clean pc and post them from there.

[remember_jordana]

The only things that was downloaded was the auto update to World of Warcraft game and FireFox.

Roguekiller

RogueKiller V5.2.4 [06/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Jennifer [Admin rights]
Mode: Scan -- Date : 06/23/2011 10:55:41

Bad processes: 1
[SUSP PATH] lch.exe -- c:\users\jennifer\appdata\local\lch.exe -> KILLED

Registry Entries: 12
[ROGUE ST] HKCU\[...]\Run : 4074265990 (C:\Users\Jennifer\AppData\Local\lch.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : Malwarebytes' Anti-Malware (reboot) ("C:\Users\Jennifer\Desktop\security\Malwarebytes' Anti-Malware\gogetum2.exe" /runcleanupscript) -> FOUND
[ROGUE ST] HKUS\S-1-5-21-900549949-4010315702-2149795806-1000[...]\Run : 4074265990 (C:\Users\Jennifer\AppData\Local\lch.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

-------------------------------------------------------------------------------------------------------------------

OTL

OTL logfile created on: 6/21/2011 4:41:13 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 52.94% Memory free
5.97 Gb Paging File | 4.94 Gb Available in Paging File | 82.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 133.35 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 951.33 Mb Free Space | 98.72% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atwtusb.exe ()
PRC - C:\Windows\System32\WTMKM.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Windows\System32\lxczcoms.exe ( )
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Windows\System32\lxcrcoms.exe ( )
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McProxy) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (lxcr_device) -- C:\Windows\System32\lxcrcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/06/08 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions
[2010/06/08 20:52:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/09/22 03:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/06/20 00:23:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110619164219.dll (McAfee, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKCU\..Trusted Domains: army.mil ([rw3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: armyfrg.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: battle.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/20 00:27:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/20 00:27:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/20 00:27:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2011/06/19 23:49:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/19 23:49:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/19 23:49:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/19 23:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/19 23:49:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/19 23:49:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 23:48:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/19 23:29:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/19 23:29:22 | 004,130,419 | R--- | C] (Swearware) -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2011/06/19 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 17:22:17 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/19 16:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 16:41:52 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 16:41:36 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 16:41:36 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 16:41:35 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 16:41:35 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 16:41:35 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 16:41:34 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 16:41:34 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 16:41:34 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 16:41:33 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/17 12:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 12:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 00:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/06/14 00:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/14 00:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/05/29 23:14:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/29 22:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 19:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 19:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 19:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 19:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 19:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 19:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 19:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 19:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 19:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 19:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 19:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 19:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 19:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 19:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 22:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 22:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 22:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 22:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 22:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 22:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 22:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 22:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 22:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 22:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 22:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 22:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 22:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/21 16:39:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/21 16:28:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 16:28:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 15:53:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 09:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 16:28:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/20 16:28:10 | 3085,369,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 00:23:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/19 23:27:38 | 004,130,419 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2011/06/19 17:45:43 | 000,043,520 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 17:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 17:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/18 10:21:28 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/18 01:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml

========== Files Created - No Company Name ==========

[2011/06/19 23:49:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/19 23:49:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/19 23:49:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/19 23:49:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/19 23:49:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/01 19:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 19:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 11:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 13:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 13:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 00:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 00:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 01:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 19:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/06 22:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 20:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 20:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 20:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 20:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 20:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 20:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 20:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 20:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 20:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 20:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 20:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/04/27 22:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 22:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 14:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/23 23:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/23 23:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/22 20:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 20:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 13:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 21:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 21:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 21:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 10:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 11:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 17:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 13:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 03:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/06/21 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F
[2009/11/20 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Acoustica
[2010/03/20 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2010/07/09 13:16:20 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\NeopleLauncherDFO
[2009/02/22 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PlayFirst
[2011/03/14 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\SPORE
[2010/11/23 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009/02/22 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2011/06/20 16:27:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/21 16:44:00 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 6/23/2011 10:57:04 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.30% Memory free
5.96 Gb Paging File | 4.98 Gb Available in Paging File | 83.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 136.10 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive H: | 123.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 963.70 Mb Total Space | 950.73 Mb Free Space | 98.65% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Jennifer\AppData\Local\lch.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FFC30A5-82DA-45A6-8807-B748801F5FDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{2029AB4A-974F-4FF0-9FD0-E633CF2AFF0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39ACB875-88AA-4019-8AD2-4D8DBFB0E354}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3CEEEB08-84C8-47EB-A3BC-EC2C2C52B4E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F21EF30-6ECD-4429-96A9-4BE3929A4C8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{655105E8-832F-4790-8B03-30B162EBFEC7}" = rport=139 | protocol=6 | dir=out | app=system |
"{69862C35-8F28-4C4D-9420-CE9741508E8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6BEC7593-D9D1-4B66-A40A-BAF8F9CC1094}" = lport=139 | protocol=6 | dir=in | app=system |
"{76A0D16C-0716-4591-BB58-ECAD9999CC7C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{82B0275C-612D-4788-8EC4-DDEF76D6E832}" = lport=137 | protocol=17 | dir=in | app=system |
"{87CDB451-62BB-482F-AA73-1E13FB9C4C53}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{9FF112EC-ED27-432A-9830-E41CD14B3AEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{F06D25D3-F5CD-4E70-BF83-24A46554ACD8}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FC8283-9AB1-4030-AF74-954548064AE6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{05414E4D-47F7-41D0-9B69-6C04EEF57C3B}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{05DC1E67-37C5-44B6-8BD4-B4FE0648455B}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{1D5E742F-876F-48F2-A275-993402D058F3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{23DE2BCD-1FD8-491D-A1A6-9C430169908F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{243E589B-360A-4D71-A927-0CDE004BB95D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28DF50D1-2E03-465B-9FF7-C4B799A92DB3}" = protocol=1 | dir=in | [email protected],-28543 |
"{2A3E6658-7D9E-4149-BBC9-F8C858E63615}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{31B3861F-2721-492B-8C6B-00CCBD5139EC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3F5F249F-F92F-4A1E-86F2-40E0A7E616BB}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{41042D37-6E45-4A02-A6BE-7DF7E7D89D47}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{46B65FF8-BF9E-4F96-BD07-7221168363EF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4F53B161-C732-472B-A9DB-6F1D65F2B4FD}" = protocol=1 | dir=out | [email protected],-28544 |
"{548739EE-133B-4396-B40E-B24D2CDD19F1}" = protocol=6 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{5FCFD9AE-15B7-4BFB-BE04-44AD96EFDF51}" = protocol=6 | dir=in | app=c:\program files\limewire4\limewire.exe |
"{6182B87A-597B-47CB-95C9-80D1C63645DF}" = protocol=58 | dir=out | [email protected],-28546 |
"{6AC3F764-0C2A-4677-86A0-AE0345CE146B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6B37A4B0-FB3F-4CEA-A933-88E3003ED8BC}" = protocol=6 | dir=in | app=c:\program files\microsoft silverlight\2.0.40115.0\silverlight.configuration.exe |
"{6B462748-C7DB-4DC9-8C3E-909221804570}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F994B9E-28EF-4D1C-A6A2-24D36F74305B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{71565BF2-C157-4D34-9C2F-210464CE3BE2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{747A818B-73AA-402F-9714-37CDB52DC0D3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{77B305F9-8D14-4E07-9E64-37324407DC24}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{7AAB60C8-7505-476A-AC90-ABC39580E662}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{7F5C00EC-5252-4AB8-9F2C-300516D5274F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{8AD4D865-6E24-4D52-BD1B-C1C15975A11F}" = protocol=58 | dir=in | [email protected],-28545 |
"{91659F7F-C4E8-470A-867A-96D2E8079349}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{917981FA-1675-4461-9A72-12EAF4AD2410}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{91A5FBC0-C44E-4CEE-B146-02168B245C33}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{9AA0A6E0-CDE7-46FB-B5B3-DD853C5A8349}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{9C5E00CD-780A-4D6B-8B21-40D394D7A5BA}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{9F5289FE-D763-4B1C-A10E-CCF08B78F7C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A13E2519-6BC8-4B23-AB2E-76124A6EEE6E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A22CC669-0205-477C-AF3B-D5DAD1A4D0DC}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{A6F64A26-DFAA-4E22-AACF-158806265D70}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B161C325-CFF9-479F-9F26-3976877AF683}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{B94D84A7-7E69-40F8-B3E3-7B61DCD80C6D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{BE156E99-2FED-4EB5-AD1D-55F26BFE9BD2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C000C216-0CCE-4193-A8A0-64EA0E2E073B}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{C1709444-A5C2-478D-9429-88A504FDFCC0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C66379BF-2070-48FE-8624-C4039F59B265}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CD9DD064-974E-464B-97CC-BE2394B042EF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D14E5239-D0A9-42F2-AC94-C6D95F92640C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{D1A9B9A9-A8FF-4CEA-919C-9107FFF95F3A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D436884E-C237-4C49-9735-9C645B4213DE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D9799877-FF24-4702-920E-5A3C224D56A3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DBEE2844-32DA-401F-86A0-35D4D21AEDE8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{DC18C0E0-DFF9-4F72-AEF5-8CECB68ED809}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E22C314B-25F7-4ADF-AFA5-C4E1A0CA7B28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E262D9F8-8E2F-4902-AE8B-1C521284658E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E60FCFF3-EFB4-4D35-9FDE-1C3EED3B85F4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{E860F2F9-4AA0-4F81-8F56-B88A375C69D6}" = protocol=17 | dir=in | app=c:\program files\limewire4\limewire.exe |
"{F0FF25B9-6070-4B5D-BEAE-2D8E58926AF0}" = protocol=17 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{F4217050-C7D9-47A0-B4BC-314CD7EBB1F5}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{F7BB3F76-630D-4123-9398-95F2A81EF1D9}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F8B629DA-58E2-4EC4-BF93-F9C9A479B43C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{F8E99B7A-E0B3-49AB-A97C-160A531623D2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{FBD90657-B169-44C5-BE9F-C75F666927FF}" = protocol=17 | dir=in | app=c:\program files\microsoft silverlight\2.0.40115.0\silverlight.configuration.exe |
"{FE713257-7AAD-4674-8447-55787F9327BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"TCP Query User{1FD2CD56-218F-4ED8-A189-D55A5ED82E6B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{3E3FEAE4-D19F-413C-B3FF-D6B207E909C9}C:\program files\limewire4\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire4\limewire.exe |
"TCP Query User{47EFE739-E8B5-420B-8177-88CF5DF37A01}C:\programdata\48b5b94\sa48b5.exe" = protocol=6 | dir=in | app=c:\programdata\48b5b94\sa48b5.exe |
"TCP Query User{54AAC79B-75A3-408E-B707-2E480C9097B9}C:\programdata\48b5b94\sa48b5.exe" = protocol=6 | dir=in | app=c:\programdata\48b5b94\sa48b5.exe |
"UDP Query User{90211B6E-8FD7-4389-B340-C65FDA54BE79}C:\programdata\48b5b94\sa48b5.exe" = protocol=17 | dir=in | app=c:\programdata\48b5b94\sa48b5.exe |
"UDP Query User{928AB3D1-AABB-4484-9C1A-BBAC86DAC68B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{9332BA71-F6B9-4D68-B516-A77640FF5374}C:\programdata\48b5b94\sa48b5.exe" = protocol=17 | dir=in | app=c:\programdata\48b5b94\sa48b5.exe |
"UDP Query User{F5FA3BF1-38BE-4671-87C1-1C1FDD6E203A}C:\program files\limewire4\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire4\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}" = MapleStory
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F9FF84-6349-4BE6-94AA-F71975412E4A}" = Z Engine
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Escape The Museum1.0" = Escape The Museum
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark 2400 Series" = Lexmark 2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"PocketRAR" = Pocket RAR documentation
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"SpywareGuard_is1" = SpywareGuard v2.2
"UnityWebPlayer" = Unity Web Player
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[ali.B]

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

Things i would like to see in your reply:

• Malwarebytes Results.
• Eset scanner report.
• Update on how your computer is running

[remember_jordana]

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

6/23/2011 6:39:36 PM
mbam-log-2011-06-23 (18-39-36).txt

Scan type: Quick scan
Objects scanned: 126649
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--------------------------------------------------------------------------------------------------------------------------------------------------

rebooted as Malwarebytes said.

Vista Home Security 2012 virus came up as soon as the infected pc opened.

I can not run the ESET scan, cause it will not allow me to use firefox or internet explore.

Edited by remember_jordana, 23 June 2011 - 05:57 PM.

[ali.B]

hi

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• You should have internet access.
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[remember_jordana]

Have to go buy CD.

Also, when I download this, I can only access the download from my clean PC. Is that fine.

Second, I don't know what infected drive to enter? C drive?

[ali.B]

hi

Yes its meant that you access it from the clean PC.

C:\ Drive