Vista security 2012 virus


#31
remember_jordana

  • Topic Starter
  • Member
  • 61 posts
I got through the whole process.

However,


I can access the internet (while booted with the CD with limits). It will allow me to get to geekstogo.com but not to any of the forum pages. I get "this page can not be displayed". So I can not post from the infected PC.

The infected PC (while booted with CD) will not recognize any USB. So I can not post with my clean PC.


I had to reboot without CD to be able to copy the file to a USB.


---------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 6/25/2011 1:11:25 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 134.98 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive H: | 963.70 Mb Total Space | 950.58 Mb Free Space | 98.64% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 17:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 12:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 12:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/03/13 12:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/06 19:28:00 | 003,596,528 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/24 00:38:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/22 22:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 15:18:30 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 12:25:58 | 000,364,192 | -H-- | M] () [Auto] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2007/09/11 04:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/15 19:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/04/19 17:43:42 | 000,537,520 | -H-- | M] ( ) [Auto] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/11 12:12:06 | 000,537,520 | -H-- | M] ( ) [Auto] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva281)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - [2011/03/13 12:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 12:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 12:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 12:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 12:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 12:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 12:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 12:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 12:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/07 18:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/07/22 22:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 15:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 10:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 01:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 22:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/08 15:52:40 | 000,238,072 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys -- (WUSB54GSCv2.NTx86)
DRV - [2007/10/18 02:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/07/23 11:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 13:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-07
IE - HKU\Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://gaiaonline.com/
IE - HKU\Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Brianna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Chris_&_Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-07
IE - HKU\Chris_&_Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Chris_&_Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Chris_&_Brianna_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Chris_&_Brianna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-07
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Guest_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jennifer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jennifer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\Jennifer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKU\Jennifer_ON_C\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
IE - HKU\Jennifer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20090720

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/22 11:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 18:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/04/12 15:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Extensions
[2009/02/23 20:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/12/04 08:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v4q6wz1q.default\extensions
[2009/08/02 15:57:36 | 000,000,000 | ---D | M] ("tektek.org GaiaOnline Toolbar 2.1") -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v4q6wz1q.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2009/09/21 16:15:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v4q6wz1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/04 08:14:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v4q6wz1q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/15 16:08:39 | 000,000,000 | ---D | M] (Personas for Firefox) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v4q6wz1q.default\extensions\personas@christopher(203).beard
[2011/06/22 12:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/24 09:41:42 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/09/22 04:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/06/20 01:23:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110622175522.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\Brianna_ON_C\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\Chris_&_Brianna_ON_C\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No CLSID value found.
O3 - HKU\Jennifer_ON_C\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Jennifer\Desktop\security\Malwarebytes' Anti-Malware\gogetum2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\Chris_&_Brianna_ON_C..\Run: [NrIAdsssyo] File not found
O4 - HKU\Chris_&_Brianna_ON_C..\Run: [swg] File not found
O4 - HKU\Guest_ON_C..\Run: [swg] File not found
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Jennifer_ON_C..\Run: [4074265990] File not found
O4 - Startup: C:\Users\Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Users\Chris & Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\Brianna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Brianna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Brianna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Chris_&_Brianna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Chris_&_Brianna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Chris_&_Brianna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Jennifer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jennifer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Jennifer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Jennifer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/23 10:46:02 | 000,000,016 | -H-- | M] () - H:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 19:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/23 11:55:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\RK_Quarantine
[2011/06/23 11:55:08 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/22 22:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Chris & Brianna
[2011/06/22 12:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Mozilla
[2011/06/22 12:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/06/22 12:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/06/22 11:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/06/22 11:08:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/22 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2011/06/22 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\temp
[2011/06/22 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Chris & Brianna\AppData\Local\temp
[2011/06/22 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Brianna\AppData\Local\temp
[2011/06/22 11:07:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/21 12:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/20 00:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/20 00:48:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 17:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 17:41:52 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 17:41:36 | 000,163,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 17:41:36 | 000,064,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 17:41:35 | 000,459,728 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 17:41:35 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 17:41:35 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 17:41:34 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 17:41:34 | 000,118,784 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 17:41:34 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 17:41:33 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/18 02:49:13 | 000,000,000 | -H-D | C] -- C:\Users\Chris & Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011/06/17 13:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 13:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 01:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/05/30 00:14:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/29 23:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 20:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 20:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 20:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 20:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 20:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 20:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 20:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 20:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 20:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 20:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 20:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 20:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 20:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 20:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 20:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 23:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 23:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 23:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 23:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 23:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 23:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 23:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 23:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 23:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 23:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 23:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 23:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 23:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/25 12:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/25 12:43:29 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 12:43:29 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 12:39:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/24 00:46:40 | 000,010,360 | -HS- | M] () -- C:\Users\Jennifer\AppData\Local\w568slnqkb30e8664s56
[2011/06/24 00:46:40 | 000,010,360 | -HS- | M] () -- C:\ProgramData\w568slnqkb30e8664s56
[2011/06/23 19:43:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/23 19:43:37 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/06/23 19:41:11 | 3085,398,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 22:35:45 | 000,043,520 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 22:22:14 | 000,009,812 | -HS- | M] () -- C:\Users\Jennifer\AppData\Local\2719248685
[2011/06/22 22:22:14 | 000,009,812 | -HS- | M] () -- C:\ProgramData\2719248685
[2011/06/22 20:56:28 | 000,208,896 | -HS- | M] () -- C:\Users\Jennifer\AppData\Local\jv53g.dll
[2011/06/22 12:26:21 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/22 12:15:57 | 000,000,872 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 12:15:57 | 000,000,860 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/22 12:15:57 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/22 12:09:58 | 000,000,798 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/06/22 12:09:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/06/22 11:24:37 | 000,395,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/22 00:39:59 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2011/06/20 01:23:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/19 18:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 18:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 18:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/18 02:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/06/18 02:33:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/05/30 00:12:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoontyGames

========== Files Created - No Company Name ==========

[2011/06/22 22:21:41 | 000,009,812 | -HS- | C] () -- C:\Users\Jennifer\AppData\Local\2719248685
[2011/06/22 22:21:41 | 000,009,812 | -HS- | C] () -- C:\ProgramData\2719248685
[2011/06/22 20:56:30 | 000,010,360 | -HS- | C] () -- C:\Users\Jennifer\AppData\Local\w568slnqkb30e8664s56
[2011/06/22 20:56:30 | 000,010,360 | -HS- | C] () -- C:\ProgramData\w568slnqkb30e8664s56
[2011/06/22 20:56:28 | 000,208,896 | -HS- | C] () -- C:\Users\Jennifer\AppData\Local\jv53g.dll
[2011/06/22 12:15:57 | 000,000,872 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 12:15:57 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/22 12:15:57 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/22 12:09:58 | 000,000,798 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/06/22 11:45:24 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/06/22 00:39:59 | 000,000,274 | ---- | C] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2011/03/01 20:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 20:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 20:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 12:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 14:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 14:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 01:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 01:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 02:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 20:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/08 12:35:23 | 000,000,000 | -H-- | C] () -- C:\Users\Chris & Brianna\AppData\Roaming\wklnhst.dat
[2009/07/06 23:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 21:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 21:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 21:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 21:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 21:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 21:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 21:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 21:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 21:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 21:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 21:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/05/16 23:59:27 | 000,003,584 | -H-- | C] () -- C:\Users\Chris & Brianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/27 23:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 23:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 15:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 17:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/24 00:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/24 00:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/23 20:15:47 | 000,027,136 | ---- | C] () -- C:\Users\Brianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 21:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 21:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 14:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 22:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 22:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 22:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 20:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 11:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 12:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 18:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 17:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 16:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 14:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 04:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 14:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 20:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 20:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 12:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 18:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2010/01/08 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\Brianna\AppData\Roaming\LimeWire
[2009/06/16 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Brianna\AppData\Roaming\Meebo
[2009/12/18 16:56:45 | 000,000,000 | -H-D | M] -- C:\Users\Chris & Brianna\AppData\Roaming\LimeWire
[2011/01/16 15:07:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
[2011/06/21 12:49:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\7BFC6CB9824A6E610F33ECA95451ED4F
[2009/11/20 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Acoustica
[2010/03/20 10:36:15 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2011/06/22 00:39:59 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\NeopleLauncherDFO
[2009/02/22 20:31:23 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PlayFirst
[2011/03/14 01:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\SPORE
[2010/11/23 13:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009/02/22 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2010/03/20 00:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\48b5b94
[2009/11/20 19:34:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\Acoustica
[2009/07/06 22:00:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\AppData
[2009/02/22 20:07:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2009/05/01 00:53:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/01/26 00:59:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJPLM
[2010/05/15 17:32:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\Dekovir
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/02 23:39:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\EscapeTheMuseum
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/02/28 22:25:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\HiddenSecretsNightmare
[2011/02/03 22:18:25 | 000,000,000 | -H-D | M] -- C:\ProgramData\HipSoft
[2009/02/23 22:52:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\KingsIsle Entertainment
[2010/04/23 07:16:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\NexonUS
[2009/02/22 20:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\PlayFirst
[2011/03/16 19:33:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\PMB Files
[2009/03/28 11:01:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\RT_Multiplayer
[2010/02/27 17:01:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\SACNQIHZAV
[2010/12/19 21:24:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\Screentime
[2009/06/18 02:49:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Stardock
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/01/02 14:43:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\Tablet
[2009/01/14 14:44:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/16 15:08:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\WildTangent
[2010/12/19 17:19:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\WindowsSearch
[2009/02/22 20:26:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/12/18 09:57:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/16 23:57:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/25 12:43:29 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/25 12:39:00 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job

========== Purity Check ==========


< End of report >


#32
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Open fix.txt, copy the contents and copy them into the Custom scans and fixes box
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot when it is done, to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Next

From the clean PC, download ComboFix from Here. Save it to the desktop, then move it to the USB.

Disconnect your infected PC from the internet and start it.

Move ComboFix to the desktop and double-click it to run it.

Move the log it produces to your USB and post it here.

Attached Files

  • Attached File  Fix.txt   1018bytes   103 downloads


#33
remember_jordana

    Member

  • Topic Starter
  • Member
  • 61 posts
OTL logfile created on: 6/26/2011 1:54:56 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.79% Memory free
5.95 Gb Paging File | 4.92 Gb Available in Paging File | 82.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 135.66 Gb Free Space | 47.09% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2007/12/05 11:25:58 | 000,364,192 | -H-- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007/09/11 03:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 18:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/04/19 16:43:42 | 000,537,520 | -H-- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/12/11 11:12:06 | 000,537,520 | -H-- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/02/23 23:38:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 11:25:58 | 000,364,192 | -H-- | M] () [Auto | Running] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2007/09/11 03:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/04/19 16:43:42 | 000,537,520 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/11 11:12:06 | 000,537,520 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/07/22 21:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 14:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 09:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 00:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 21:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/08 14:52:40 | 000,238,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys -- (WUSB54GSCv2.NTx86)
DRV - [2007/10/18 01:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/07/23 10:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 12:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/22 10:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 17:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/06/08 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions
[2010/06/08 20:52:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/06/22 11:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/30 19:31:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JENNIFER\APPDATA\LOCAL\{4879C4C5-59BD-4068-AF08-9E9746DB3B1E}
[2009/09/20 03:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/24 08:41:42 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/09/22 03:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/06/26 12:45:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110622175522.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Jennifer\Desktop\security\Malwarebytes' Anti-Malware\gogetum2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [4074265990] File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKCU\..Trusted Domains: army.mil ([rw3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: armyfrg.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: battle.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Jennifer\AppData\Local\lch.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 13:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/26 12:46:41 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/06/26 12:45:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/25 12:12:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/23 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\RK_Quarantine
[2011/06/23 10:55:08 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/22 21:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Chris & Brianna
[2011/06/22 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Mozilla
[2011/06/22 11:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/06/22 11:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/06/22 10:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/06/22 10:08:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/22 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2011/06/22 10:07:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/21 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 23:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/19 23:48:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/19 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 16:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 16:41:52 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 16:41:36 | 000,163,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 16:41:36 | 000,064,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 16:41:35 | 000,459,728 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 16:41:35 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 16:41:35 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 16:41:34 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 16:41:34 | 000,118,784 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 16:41:34 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 16:41:33 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/17 12:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 12:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/05/29 23:14:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/29 22:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 19:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 19:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 19:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 19:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 19:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 19:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 19:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 19:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 19:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 19:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 19:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 19:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 19:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 19:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 22:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 22:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 22:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 22:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 22:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 22:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 22:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 22:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 22:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 22:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 22:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 22:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 22:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/26 13:59:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/26 13:50:20 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 13:50:20 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 13:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 13:50:13 | 3085,352,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 12:45:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/22 21:35:45 | 000,043,520 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 11:15:57 | 000,000,872 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 11:09:58 | 000,000,798 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/06/22 10:24:37 | 000,395,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/19 17:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 17:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/18 01:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml

========== Files Created - No Company Name ==========

[2011/06/22 11:15:57 | 000,000,872 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 11:15:57 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/22 11:09:58 | 000,000,798 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/03/01 19:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 19:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 11:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 13:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 13:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 00:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 00:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 01:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 19:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/06 22:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 20:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 20:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 20:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 20:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 20:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 20:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 20:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 20:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 20:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 20:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 20:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/04/27 22:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 22:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 14:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/23 23:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/23 23:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/22 20:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 20:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 13:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 21:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 21:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 21:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 10:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 11:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 17:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 13:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 03:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

< End of report >

#34
remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I downloaded ComboFix, but could not run it.

I attached the message I got from it and McAfee kept trying to block it.

And this is on my clean PC.

Attached Thumbnails

  • error from combofix.jpg

Edited by remember_jordana, 26 June 2011 - 11:23 AM.


#35
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Please disable McAfee.

Download a fresh copy of ComboFix and run it.

#36
remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
ComboFix 11-06-27.01 - Jennifer 06/27/2011 17:32:24.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1714 [GMT -5:00]
Running from: I:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jennifer\AppData\Local\{4879C4C5-59BD-4068-AF08-9E9746DB3B1E}
c:\users\Jennifer\AppData\Local\{4879C4C5-59BD-4068-AF08-9E9746DB3B1E}\chrome.manifest
c:\users\Jennifer\AppData\Local\{4879C4C5-59BD-4068-AF08-9E9746DB3B1E}\chrome\content\_cfg.js
c:\users\Jennifer\AppData\Local\{4879C4C5-59BD-4068-AF08-9E9746DB3B1E}\chrome\content\overlay.xul
c:\users\Jennifer\AppData\Local\{4879C4C5-59BD-4068-AF08-9E9746DB3B1E}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))
.
.
2011-06-27 22:44 . 2011-06-27 22:44 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2011-06-26 17:46 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-06-26 17:45 . 2011-06-26 17:45 -------- d-----w- C:\_OTL
2011-06-22 22:55 . 2011-03-13 16:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-22 22:39 . 2011-03-24 13:41 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-06-22 16:16 . 2011-06-22 16:16 -------- d-----w- c:\users\Jennifer\AppData\Local\Mozilla
2011-06-22 16:09 . 2011-06-22 16:10 -------- d-----w- c:\program files\SpywareGuard
2011-06-22 15:43 . 2011-06-22 15:43 -------- d-----w- c:\program files\McAfee.com
2011-06-21 16:05 . 2011-06-21 16:05 -------- d-----w- c:\program files\ESET
2011-06-21 06:33 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA673C5-22E1-42B1-86C0-2B3D90987C14}\mpengine.dll
2011-06-20 04:48 . 2011-06-27 22:30 -------- d-----w- C:\32788R22FWJFW
2011-06-19 21:42 . 2011-03-13 16:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-19 21:41 . 2011-03-13 16:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-19 21:41 . 2011-03-13 16:20 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-19 21:41 . 2011-03-13 16:20 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-19 21:41 . 2011-03-13 16:20 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-19 21:41 . 2011-03-13 16:20 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-19 21:41 . 2011-03-13 16:20 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-19 21:41 . 2011-03-13 16:20 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-19 21:41 . 2011-03-13 16:20 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-19 21:41 . 2011-03-13 16:20 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-19 21:41 . 2011-03-13 16:20 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-17 17:46 . 2011-06-17 17:47 -------- d--h--w- c:\windows\system32\Updates
2011-06-17 17:43 . 2011-06-17 17:47 -------- d--h--w- c:\windows\system32\Data
2011-06-14 05:24 . 2011-06-23 02:21 -------- d-----w- c:\users\Jennifer\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2009-10-03 02:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-16 04:17 . 2011-06-22 16:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 13:41 . 2011-06-22 22:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-26 1306216]
"Malwarebytes' Anti-Malware (reboot)"="c:\users\Jennifer\Desktop\security\Malwarebytes' Anti-Malware\gogetum2.exe" [2011-05-29 1047656]
.
c:\users\Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire4\LimeWire.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Chris & Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire4\LimeWire.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jennifer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 23:08 293168 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 08:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 16:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 17:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-03-16 23:33 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
2007-09-24 21:57 57344 ----a-w- c:\program files\Ideazon\ZEngine\Zboard.exe
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2007-10-18 56448]
R3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_X86.sys [2008-01-08 238072]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2007-12-05 364192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
- c:\windows\system32\msfeedssync.exe [2011-01-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0109&m=et1161-07
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: army.mil\rw3
Trusted Zone: armyfrg.org\www
Trusted Zone: battle.net
Trusted Zone: blizzard.com\us
Trusted Zone: yahoo.com\www
TCP: DhcpNameServer = 10.0.0.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - hxxps://video.globalwageringservice.com/canvid/canvidplayer8.2.cab
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\6vzu0tfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
ShellIconOverlayIdentifiers-{DACA36CB-4226-7130-ECD3-12DA25BCA0BA} - c:\users\Jennifer\AppData\Local\jv53g.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 17:44
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-900549949-4010315702-2149795806-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,94,e2,3e,39,fe,2c,55,f2,26,71,1f,f6,69,fc,42,e5,13,41,74,d6,
d5,a1,b7,50,bf,dd,0c,dc,67,83,af,05,82,03,1a,f4,1f,1c,98,20,91,b1,7a,67,84,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-06-27 17:47:55
ComboFix-quarantined-files.txt 2011-06-27 22:47
.
Pre-Run: 145,337,688,064 bytes free
Post-Run: 145,309,966,336 bytes free
.
- - End Of File - - 58CC019E217106925A1F9099CD83AF1C

#37
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\XDva281.sys

Driver::
XDva281


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Then

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

#38
remember_jordana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
ComboFix 11-06-27.01 - Jennifer 06/27/2011 19:17:38.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1541 [GMT -5:00]
Running from: I:\ComboFix.exe
Command switches used :: c:\users\Jennifer\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\XDva281.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA281
-------\Service_XDva281
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 00:37 . 2011-06-28 00:39 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2011-06-28 00:37 . 2011-06-28 00:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-28 00:37 . 2011-06-28 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-28 00:37 . 2011-06-28 00:37 -------- d-----w- c:\users\Chris & Brianna\AppData\Local\temp
2011-06-28 00:37 . 2011-06-28 00:37 -------- d-----w- c:\users\Brianna\AppData\Local\temp
2011-06-26 17:46 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-06-26 17:45 . 2011-06-26 17:45 -------- d-----w- C:\_OTL
2011-06-22 22:55 . 2011-03-13 16:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-22 22:39 . 2011-03-24 13:41 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-06-22 16:16 . 2011-06-22 16:16 -------- d-----w- c:\users\Jennifer\AppData\Local\Mozilla
2011-06-22 16:09 . 2011-06-22 16:10 -------- d-----w- c:\program files\SpywareGuard
2011-06-22 15:43 . 2011-06-22 15:43 -------- d-----w- c:\program files\McAfee.com
2011-06-21 16:05 . 2011-06-21 16:05 -------- d-----w- c:\program files\ESET
2011-06-21 06:33 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA673C5-22E1-42B1-86C0-2B3D90987C14}\mpengine.dll
2011-06-20 04:48 . 2011-06-28 00:16 -------- d-----w- C:\32788R22FWJFW
2011-06-19 21:42 . 2011-03-13 16:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-19 21:41 . 2011-03-13 16:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-19 21:41 . 2011-03-13 16:20 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-19 21:41 . 2011-03-13 16:20 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-19 21:41 . 2011-03-13 16:20 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-19 21:41 . 2011-03-13 16:20 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-19 21:41 . 2011-03-13 16:20 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-19 21:41 . 2011-03-13 16:20 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-19 21:41 . 2011-03-13 16:20 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-19 21:41 . 2011-03-13 16:20 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-19 21:41 . 2011-03-13 16:20 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-17 17:46 . 2011-06-17 17:47 -------- d--h--w- c:\windows\system32\Updates
2011-06-17 17:43 . 2011-06-17 17:47 -------- d--h--w- c:\windows\system32\Data
2011-06-14 05:24 . 2011-06-23 02:21 -------- d-----w- c:\users\Jennifer\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2009-10-03 02:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-16 04:17 . 2011-06-22 16:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 13:41 . 2011-06-22 22:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-26 1306216]
"Malwarebytes' Anti-Malware (reboot)"="c:\users\Jennifer\Desktop\security\Malwarebytes' Anti-Malware\gogetum2.exe" [2011-05-29 1047656]
.
c:\users\Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire4\LimeWire.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Chris & Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire4\LimeWire.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jennifer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 23:08 293168 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 08:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 16:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 17:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-03-16 23:33 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
2007-09-24 21:57 57344 ----a-w- c:\program files\Ideazon\ZEngine\Zboard.exe
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2007-10-18 56448]
R3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_X86.sys [2008-01-08 238072]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2007-12-05 364192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
- c:\windows\system32\msfeedssync.exe [2011-01-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0109&m=et1161-07
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: army.mil\rw3
Trusted Zone: armyfrg.org\www
Trusted Zone: battle.net
Trusted Zone: blizzard.com\us
Trusted Zone: yahoo.com\www
TCP: DhcpNameServer = 10.0.0.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - hxxps://video.globalwageringservice.com/canvid/canvidplayer8.2.cab
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\6vzu0tfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 19:42
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-900549949-4010315702-2149795806-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,94,e2,3e,39,fe,2c,55,f2,26,71,1f,f6,69,fc,42,e5,13,41,74,d6,
d5,a1,b7,50,bf,dd,0c,dc,67,83,af,05,82,03,1a,f4,1f,1c,98,20,91,b1,7a,67,84,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3052)
c:\progra~1\mcafee\sitead~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\lxcrcoms.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2011-06-27 19:46:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 00:46
.
Pre-Run: 145,337,348,096 bytes free
Post-Run: 145,002,160,128 bytes free
.
- - End Of File - - 9739326E8E18B62A2E2FDD807448761F

#39
remember_jordana

  • Topic Starter
drweb-cureit short scan is still actively running (30 mins so far). Nothing found so far.

#40
remember_jordana

  • Topic Starter
Short scan finished. Starting complete scan now.

#41
remember_jordana

  • Topic Starter
Dr Web CureIt "complete scan" is still actively running.

However, the only thing it has found so far is a trojan (siggen2.43612) in the OTL.exe.

Should I still run and post the OTL after the reboot?

#42
ali.B

    Trusted Helper

  • Malware Removal
When the scan is done, post a new OTL log.

#43
remember_jordana

  • Topic Starter
Ran the whole DR Web (complete scan). Only found OTL.exe and McAfee.

When I went to "file" and clicked the save log, I got a blue screen saying something about a spool/pool error, then the PC rebooted on its own.

There is no log posted on the desktop or after running a search.

Edited by remember_jordana, 28 June 2011 - 10:13 AM.


#44
remember_jordana

  • Topic Starter
OTL logfile created on: 6/28/2011 12:39:45 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 62.86% Memory free
5.96 Gb Paging File | 4.94 Gb Available in Paging File | 82.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 134.29 Gb Free Space | 46.61% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 950.14 Mb Free Space | 98.59% Space Free | Partition Type: FAT

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/25 21:24:16 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/17 16:38:48 | 000,308,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsShld.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/12/15 23:46:06 | 000,151,056 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Core\mchost.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 13:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2007/12/05 11:25:58 | 000,364,192 | -H-- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007/11/13 13:23:18 | 001,969,824 | -H-- | M] () -- C:\Windows\System32\WTMKM.exe
PRC - [2007/09/11 03:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 18:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/04/19 16:44:18 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/04/19 16:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/04/19 16:43:42 | 000,537,520 | -H-- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/12/11 11:12:06 | 000,537,520 | -H-- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/12/11 11:11:54 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/02/23 23:38:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 11:25:58 | 000,364,192 | -H-- | M] () [Auto | Running] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2007/09/11 03:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/04/19 16:43:42 | 000,537,520 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/11 11:12:06 | 000,537,520 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/07/22 21:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 14:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 09:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 00:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 21:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/08 14:52:40 | 000,238,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys -- (WUSB54GSCv2.NTx86)
DRV - [2007/10/18 01:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/07/23 10:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 12:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/22 10:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 17:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2009/02/23 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/06/08 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions
[2010/06/08 20:52:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/06/22 11:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/09/20 03:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/24 08:41:42 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/09/22 03:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/06/27 19:39:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110622175522.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Jennifer\Desktop\security\Malwarebytes' Anti-Malware\gogetum2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKCU\..Trusted Domains: army.mil ([rw3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: armyfrg.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: battle.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} https://video.global...idplayer8.2.cab (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\Pictures\WereWolf-1.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/23 10:46:02 | 000,000,016 | -H-- | M] () - I:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 12:39:31 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/28 12:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/27 20:08:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\DoctorWeb
[2011/06/27 19:46:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/27 19:46:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2011/06/27 19:40:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/27 19:16:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/27 17:30:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/27 17:30:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/27 17:30:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/26 14:07:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/26 12:46:41 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/06/26 12:45:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/23 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\RK_Quarantine
[2011/06/22 21:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Chris & Brianna
[2011/06/22 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Mozilla
[2011/06/22 11:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/06/22 11:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/06/22 10:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/06/21 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 23:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/19 23:48:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/19 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\security
[2011/06/19 16:42:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/19 16:41:52 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/19 16:41:36 | 000,163,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/19 16:41:36 | 000,064,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/19 16:41:35 | 000,459,728 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/06/19 16:41:35 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/19 16:41:35 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/19 16:41:34 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/19 16:41:34 | 000,118,784 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/06/19 16:41:34 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/19 16:41:33 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/17 12:46:58 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Updates
[2011/06/17 12:43:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Data
[2011/06/14 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2011/05/29 23:14:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/29 22:59:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder (2)
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011/03/01 19:01:41 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011/03/01 19:01:41 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011/03/01 19:01:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011/03/01 19:01:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011/03/01 19:01:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011/03/01 19:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011/03/01 19:01:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011/03/01 19:01:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011/03/01 19:01:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011/03/01 19:01:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011/03/01 19:01:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011/03/01 19:01:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011/03/01 19:01:39 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011/03/01 19:01:39 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/04/27 22:15:57 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/04/27 22:15:57 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/04/27 22:15:57 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/04/27 22:15:57 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/04/27 22:15:57 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/04/27 22:15:57 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2009/04/27 22:15:57 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2009/04/27 22:15:57 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/04/27 22:15:57 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/04/27 22:15:57 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2009/04/27 22:15:57 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/04/27 22:15:57 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/04/27 22:15:57 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/28 12:44:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1976C9C-5D04-4CBD-A895-6745F90D2F60}.job
[2011/06/28 12:31:24 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 12:31:24 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 12:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/28 12:31:06 | 3085,312,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 12:31:04 | 385,780,238 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/27 19:39:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/27 17:28:57 | 000,000,293 | ---- | M] () -- C:\Users\Jennifer\Desktop\ComboFix - Shortcut.lnk
[2011/06/22 21:35:45 | 000,043,520 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 11:15:57 | 000,000,872 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 11:09:58 | 000,000,798 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/06/22 10:24:37 | 000,395,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/19 17:25:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 17:25:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 17:20:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011/06/18 01:39:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml

========== Files Created - No Company Name ==========

[2011/06/27 17:30:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/27 17:30:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/27 17:30:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/27 17:30:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/27 17:30:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/27 17:28:57 | 000,000,293 | ---- | C] () -- C:\Users\Jennifer\Desktop\ComboFix - Shortcut.lnk
[2011/06/22 11:15:57 | 000,000,872 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 11:15:57 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/22 11:09:58 | 000,000,798 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/03/01 19:05:05 | 000,000,311 | -H-- | C] () -- C:\Windows\Lexstat.ini
[2011/03/01 19:01:41 | 000,413,696 | -H-- | C] () -- C:\Windows\System32\lxczutil.dll
[2011/03/01 19:01:41 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010/11/23 11:55:02 | 000,000,552 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d8caps.dat
[2010/02/18 13:32:01 | 000,238,072 | ---- | C] () -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys
[2010/02/18 13:32:00 | 000,000,758 | -H-- | C] () -- C:\Windows\System32\WLAN.INI
[2010/01/04 00:51:54 | 000,230,752 | -H-- | C] () -- C:\Windows\patchw32.dll
[2010/01/04 00:51:53 | 000,118,176 | -H-- | C] () -- C:\Windows\patchw.dll
[2009/08/03 01:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/17 19:44:43 | 000,007,063 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/06 22:17:05 | 000,000,114 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2009/07/06 20:54:03 | 000,364,192 | -H-- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/07/06 20:54:02 | 001,969,824 | -H-- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/07/06 20:54:02 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\InstallService.exe
[2009/07/06 20:54:01 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/07/06 20:54:01 | 000,102,048 | -H-- | C] () -- C:\Windows\RmTablet.exe
[2009/07/06 20:54:01 | 000,021,784 | -H-- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/07/06 20:54:01 | 000,014,446 | -H-- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/07/06 20:54:01 | 000,011,125 | -H-- | C] () -- C:\Windows\System32\Vista.ini
[2009/07/06 20:54:01 | 000,010,438 | -H-- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/07/06 20:54:01 | 000,000,619 | -H-- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/07/06 20:54:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/04/27 22:15:57 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/04/27 22:04:45 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2009/04/12 14:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\setup32.INI
[2009/02/23 23:33:48 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/23 23:24:51 | 000,000,000 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009/02/22 20:27:02 | 000,043,520 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 20:13:07 | 000,000,295 | -H-- | C] () -- C:\Windows\wininit.ini
[2009/01/14 13:40:17 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/29 21:15:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/29 21:01:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/29 21:01:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 10:49:34 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/30 11:32:52 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/22 17:16:18 | 000,003,612 | -H-- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | -H-- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,395,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/06/07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 13:19:14 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/23 03:33:20 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll

< End of report >

#45
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
That log is not complete.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

How is your system running? Any issues?