WiredWX Christian Hobby Weather Tools
Bankerfox.A and Win32/Nuqel.e help please

I need help getting this off my computer. I download Malware but I am unable to run the program. I can also download HijackThis but again unable to run. Can you help please?
Dmcc85

Re: Bankerfox.A and Win32/Nuqel.e help please

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Bankerfox.A and Win32/Nuqel.e help please

When I try to run the program a security warning pops up and will not allow me to execute the OTL program. Tells me file otl(3).exe is infected.

Dmcc85

Re: Bankerfox.A and Win32/Nuqel.e help please

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

............................................................................................

Site Admin / Security Administrator


Mcvpdui.exe

After downloading both links one at a time the screen will go black, then I am not allowed to let it run for 1 sec till a pop-up says Mcvpdui.exe is infected. Man, this one stinks.... If it helps any, there is an antispyware soft on the bottom right that will not go away.

Last edited by dmcc85 on 17th April 2010, 7:26 pm; edited 1 time in total

Re: Bankerfox.A and Win32/Nuqel.e help please

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try OTL.exe in Safe Mode.

............................................................................................

Site Admin / Security Administrator


Re: Bankerfox.A and Win32/Nuqel.e help please

Was able to get OTL to run in Safe Mode. Now how can I post them on the board? It will not let me.

Re: Bankerfox.A and Win32/Nuqel.e help please

OTL Extras logfile created on: 4/17/2010 3:31:34 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\southernchic12001\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 3054 3300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 328.48 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.11% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEANNE-PC
Current User Name: southernchic12001
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E653BF3-DD67-468E-890B-4BC2F7BD5C18}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{25E7605A-01D6-40F5-98D4-4C1552801D1D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{32E4DAFF-F3DE-4D16-8898-C828414C07F6}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{3E0642C8-9656-41A1-8BFF-FA28351326FB}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{3E968C3C-3C7E-460B-84DB-BF27C52C41C0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{407FDD8D-6DF6-4F02-B121-FD814FD6B3EF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{4750F192-B7F6-42C4-B231-28E1E6CC4C90}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{5BDCA76E-196B-4BC6-9B92-3B464FEA4360}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{68D00AB5-1637-4B16-9424-6A8BCE8D4F8D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8020FB6E-F078-42A5-B315-829A376F508C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9ED5A097-6C53-40E5-AD85-767527A9A728}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{A567D420-6205-4AEA-87D2-D1E0BBBE6433}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B4FA5BC0-16B3-4B04-8BD1-BB0763D8E158}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BA6342E8-114F-4C40-8371-B6FAED731943}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{C376DE45-322D-4B56-A49A-37A7118F691D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C60D5C47-99A5-419E-AEAD-664A04940CEB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C98AC3C9-A6A5-460C-A248-F613DDEF34A5}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{F2BF9534-901F-4EED-BAF3-129FEF4B34B6}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"TCP Query User{AEA5D270-F7B6-4A8A-8345-35D6C6B5A2BB}C:\users\southernchic12001\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=6 | dir=in | app=c:\users\southernchic12001\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"TCP Query User{DD78A96C-F656-4940-903B-2F3A039BD42C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2929643A-50C0-4236-878C-7FCF66546578}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E3E879AF-0569-459C-9244-CFEBE482B0BE}C:\users\southernchic12001\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=17 | dir=in | app=c:\users\southernchic12001\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}" = 926plv32
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A64D224E-E06A-43D2-A919-8BE108F47305}_is1" = Crawler Smileys
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ChameleonTom" = Chameleon Tom
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Imikimi Plugin" = Imikimi Plugin
"K_9_nq_-61" = LoudMo Contextual Ad Assistant
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"PCFriendly" = PCFriendly
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Spyware Doctor" = Spyware Doctor 7.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2010 5:40:54 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:44:06 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:44:08 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:45:26 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:45:28 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:48:07 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:48:09 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:48:54 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 5:48:56 PM | Computer Name = leanne-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/9/2010 7:29:34 PM | Computer Name = leanne-PC | Source = Application Error | ID = 1000
Description = Faulting application ExportController.exe, version 7.65.17.80, time
stamp 0x4afa572b, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0x1618, application start time 0x01cad83c82c53328.

[ Media Center Events ]
Error - 6/2/2008 5:22:58 AM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 7:36:24 AM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/27/2008 7:54:43 PM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/23/2009 12:53:46 AM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/28/2009 7:40:14 PM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 12:07:52 PM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 11:07:01 PM | Computer Name = leanne-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:43 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:30:48 PM | Computer Name = leanne-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/17/2010 3:33:37 PM | Computer Name = leanne-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Re: Bankerfox.A and Win32/Nuqel.e help please

OTL logfile created on: 4/17/2010 3:31:34 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\southernchic12001\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 3054 3300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 328.48 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.11% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEANNE-PC
Current User Name: southernchic12001
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/16 21:15:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\southernchic12001\Downloads\OTL.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/16 21:15:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\southernchic12001\Downloads\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TabQuery Service)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2006/11/03 21:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/05/10 05:06:12 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/05/10 05:06:12 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/05/10 05:06:12 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/02/11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/24 12:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 1A F8 8B C3 C5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Feboz Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA79}:1.0.21
FF - prefs.js..extensions.enabledItems: {488ff335-6759-2080-49f3-d1acecf9f06b}:4.6.6.6
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={9A09E598-4C53-B279-3271-D85BBD638739}&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/27 14:50:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 20:22:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 20:22:07 | 000,000,000 | ---D | M]

[2009/02/22 13:49:07 | 000,000,000 | ---D | M] -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Extensions
[2009/02/22 13:49:07 | 000,000,000 | ---D | M] -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/16 16:53:20 | 000,000,000 | ---D | M] -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions
[2009/09/02 11:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/07 15:08:46 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2009/03/07 11:55:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/15 18:17:03 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}(140)
[2009/03/16 18:33:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/28 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\southernchic12001\AppData\Roaming\Mozilla\Firefox\Profiles\xkd5v20s.default\extensions\moveplayer@movenetworks.com
[2010/04/07 15:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/07 15:09:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{488ff335-6759-2080-49f3-d1acecf9f06b}
[2009/03/07 23:25:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/04 16:01:50 | 000,000,000 | ---D | M] (TabQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D591A8AF-267A-4626-AB5E-B37F643B7046}
[2007/12/17 13:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
[2010/04/07 15:09:46 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2010/04/07 15:09:46 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\Program Files\Crawler\Shared\CShared.dll (Crawler.com)
O2 - BHO: (chameleontom) - {f8d3f818-2fd5-456c-4aee-07be2db1598b} - C:\Windows\System32\rcNL8Dx0kZOqdm_.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [gblsiyuk] C:\Users\southernchic12001\AppData\Local\wylmdtbqm\uteawhrtssd.exe (pLkqmxBPlnw)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SfKg6wIPuS] C:\Users\southernchic12001\AppData\Roaming\Microsoft\Windows\oulwsv.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [WhereSphere] C:\Users\southernchic12001\AppData\Roaming\WhereSphere\wheresphere.exe File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\southernchic12001\Pictures\Pictures misc\1178749979-997-2.gif.jpg
O24 - Desktop BackupWallPaper: C:\Users\southernchic12001\Pictures\Pictures misc\1178749979-997-2.gif.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1239303f-ce9b-11de-878a-001d09989a5c}\Shell - "" = AutoRun
O33 - MountPoints2\{1239303f-ce9b-11de-878a-001d09989a5c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/16 20:06:56 | 000,000,000 | ---D | C] -- C:\Users\southernchic12001\AppData\Roaming\Malwarebytes
[2010/04/16 20:06:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/16 20:06:44 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/16 20:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/16 20:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 16:49:11 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/04/16 16:49:11 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/04/16 16:49:07 | 000,217,032 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/04/16 16:49:07 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/04/16 16:49:01 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/04/16 16:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/16 16:48:57 | 000,000,000 | ---D | C] -- C:\Users\southernchic12001\AppData\Roaming\PC Tools
[2010/04/16 16:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/16 16:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/16 16:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/15 21:33:41 | 000,000,000 | ---D | C] -- C:\Users\southernchic12001\AppData\Local\wylmdtbqm
[2010/04/14 00:42:13 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 00:42:13 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 00:42:00 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 00:41:58 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 00:41:58 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/07 15:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\ChameleonTom
[2010/03/31 04:14:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 04:14:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 04:14:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 04:14:45 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 04:14:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 04:14:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 04:14:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 04:14:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 04:14:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 04:14:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 04:14:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 04:14:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 04:14:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 04:14:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 04:14:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/30 17:36:54 | 000,000,000 | ---D | C] -- C:\Users\southernchic12001\AppData\Roaming\Facebook
[2010/03/22 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/05/19 12:34:05 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2008/05/10 05:11:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2008/05/10 05:11:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2008/05/10 05:11:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2008/05/10 05:11:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2008/05/10 05:11:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2008/05/10 05:11:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2008/05/10 05:11:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2008/05/10 05:11:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2008/05/10 05:11:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2008/05/10 05:11:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2008/05/10 05:11:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/17 15:29:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/17 15:27:53 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/17 15:27:53 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 15:27:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 15:27:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/17 15:27:51 | 000,026,481 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/04/17 15:27:51 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/04/17 15:27:49 | 002,621,440 | ---- | M] () -- C:\Users\southernchic12001\ntuser.dat
[2010/04/17 15:27:49 | 000,524,288 | -HS- | M] () -- C:\Users\southernchic12001\ntuser.dat{f6384ab9-2b31-11df-8a4b-001d09989a5c}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 15:27:49 | 000,065,536 | -HS- | M] () -- C:\Users\southernchic12001\ntuser.dat{f6384ab9-2b31-11df-8a4b-001d09989a5c}.TM.blf
[2010/04/17 15:27:44 | 003,457,941 | -H-- | M] () -- C:\Users\southernchic12001\AppData\Local\IconCache.db
[2010/04/17 15:00:00 | 000,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/17 15:00:00 | 000,604,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/17 15:00:00 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/17 14:56:49 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9628A3BE-4AA6-48B9-B922-9A930E2A3433}.job
[2010/04/16 20:06:48 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 16:49:03 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/16 13:31:34 | 000,060,672 | ---- | M] () -- C:\Users\southernchic12001\AppData\Local\syssvc.exe
[2010/04/15 01:42:07 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/09 13:11:32 | 014,521,344 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2010/04/09 13:11:32 | 008,312,832 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010/04/07 15:09:23 | 000,105,482 | ---- | M] () -- C:\Windows\System32\K_9_nq_-61.exe
[2010/04/01 01:00:07 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/18 21:55:46 | 001,122,304 | ---- | M] () -- C:\Windows\System32\rcNL8Dx0kZOqdm_.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 15:27:51 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2010/04/16 20:06:48 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 16:49:11 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/04/16 16:49:07 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/04/16 16:49:07 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/04/16 16:49:03 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/16 16:49:01 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/04/16 13:31:33 | 000,060,672 | ---- | C] () -- C:\Users\southernchic12001\AppData\Local\syssvc.exe
[2010/04/07 15:09:23 | 000,105,482 | ---- | C] () -- C:\Windows\System32\K_9_nq_-61.exe
[2010/03/18 21:55:46 | 001,122,304 | ---- | C] () -- C:\Windows\System32\rcNL8Dx0kZOqdm_.dll
[2010/03/09 00:31:39 | 000,524,288 | -HS- | C] () -- C:\Users\southernchic12001\ntuser.dat{f6384ab9-2b31-11df-8a4b-001d09989a5c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/09 00:31:39 | 000,524,288 | -HS- | C] () -- C:\Users\southernchic12001\ntuser.dat{f6384ab9-2b31-11df-8a4b-001d09989a5c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/09 00:31:39 | 000,065,536 | -HS- | C] () -- C:\Users\southernchic12001\ntuser.dat{f6384ab9-2b31-11df-8a4b-001d09989a5c}.TM.blf
[2009/10/04 09:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/09/23 18:32:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/02/16 22:20:39 | 000,000,868 | ---- | C] () -- C:\Users\southernchic12001\.recently-used.xbel
[2008/08/01 21:31:15 | 000,000,022 | ---- | C] () -- C:\Users\southernchic12001\AppData\Local\kodakpcd.ini
[2008/06/18 09:55:46 | 000,008,500 | ---- | C] () -- C:\Users\southernchic12001\AppData\Roaming\wklnhst.dat
[2008/05/20 23:47:48 | 000,000,063 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini
[2008/05/19 12:34:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2008/05/19 12:34:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/05/19 12:34:05 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2008/05/13 23:58:07 | 000,016,384 | ---- | C] () -- C:\Users\southernchic12001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/13 20:54:21 | 002,621,440 | ---- | C] () -- C:\Users\southernchic12001\ntuser.dat
[2008/05/13 20:54:21 | 000,524,288 | -HS- | C] () -- C:\Users\southernchic12001\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008/05/13 20:54:21 | 000,524,288 | -HS- | C] () -- C:\Users\southernchic12001\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008/05/13 20:54:21 | 000,262,144 | -H-- | C] () -- C:\Users\southernchic12001\ntuser.dat.LOG1
[2008/05/13 20:54:21 | 000,065,536 | -HS- | C] () -- C:\Users\southernchic12001\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008/05/13 20:54:21 | 000,000,020 | -HS- | C] () -- C:\Users\southernchic12001\ntuser.ini
[2008/05/13 20:54:21 | 000,000,000 | -H-- | C] () -- C:\Users\southernchic12001\ntuser.dat.LOG2
[2008/05/10 05:11:36 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/05/10 05:11:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/05/10 05:11:36 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/05/10 05:11:27 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2008/05/10 05:11:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2008/05/10 05:11:27 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2008/05/10 05:11:27 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2008/05/10 05:11:27 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2008/05/10 05:11:27 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2008/05/10 05:11:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2008/05/10 05:11:27 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2008/05/10 05:11:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2008/05/10 05:11:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2008/05/10 05:11:26 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2008/05/10 05:11:25 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2008/05/10 05:11:25 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2008/05/10 05:11:25 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2008/05/10 05:11:25 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Re: Bankerfox.A and Win32/Nuqel.e help please

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Feboz Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={9A09E598-4C53-B279-3271-D85BBD638739}&q="
    O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\Program Files\Crawler\Shared\CShared.dll (Crawler.com)
    O2 - BHO: (chameleontom) - {f8d3f818-2fd5-456c-4aee-07be2db1598b} - C:\Windows\System32\rcNL8Dx0kZOqdm_.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
    O4 - HKCU..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
    O4 - HKCU..\Run: [gblsiyuk] C:\Users\southernchic12001\AppData\Local\wylmdtbqm\uteawhrtssd.exe (pLkqmxBPlnw)
    O4 - HKCU..\Run: [SfKg6wIPuS] C:\Users\southernchic12001\AppData\Roaming\Microsoft\Windows\oulwsv.exe File not found
    O4 - HKCU..\Run: [WhereSphere] C:\Users\southernchic12001\AppData\Roaming\WhereSphere\wheresphere.exe File not found
    O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
    [2010/04/17 15:27:51 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
    [2010/04/07 15:09:23 | 000,105,482 | ---- | M] () -- C:\Windows\System32\K_9_nq_-61.exe
    [2010/03/18 21:55:46 | 001,122,304 | ---- | M] () -- C:\Windows\System32\rcNL8Dx0kZOqdm_.dll
    [2010/04/16 13:31:33 | 000,060,672 | ---- | C] () -- C:\Users\southernchic12001\AppData\Local\syssvc.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

