Jump to content


Photo

Trojan infected


  • Please log in to reply
25 replies to this topic

#1 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 09 April 2010 - 09:42 PM

My computer began to run very slow a few days ago, and my Bitdefender blocked a trojan and removed an infection. My computer is still very slow though, and upon start up i get some popups that says programs are bugged. I also ran Malwarebytes and it didn't catch anything, i can post the log if needed. Thanks in advance.

#2 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 10 April 2010 - 11:20 AM

Hello there, AyJ21

:wp:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

**In any case where you happen to be busy or unable to give us a reply, we would be more than grateful if you keep us informed in advance and we will be more than happy to wait. :)

Edited by Conspire, 10 April 2010 - 11:25 AM.

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#3 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 10 April 2010 - 12:57 PM

Hi,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
===================================================

Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


===================================================

On your next reply please post :
OTL log
GMER log
MBAM log

Good Day!
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#4 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 12 April 2010 - 11:14 PM

Apologies for the delayed response, i successfully ran OTL but when i ran GMER my computer began to run extremely slow. So much that i've had the scan running for over two days now. I'm not sure if i should keep letting it run or stop it. An idea on how slow my computer is going:took about half an hour for this page to load.

#5 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 13 April 2010 - 12:24 AM

Hi, ok scrap that GMER scan and carry on with posting OTL and MBAM. Thanks.
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#6 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 13 April 2010 - 10:53 PM

Alrighty, here they are.

OTL.Txt log:

OTL logfile created on: 4/10/2010 12:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.44 Gb Total Space | 0.83 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT
Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYCOMPUTER
Current User Name: Lucero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Documents and Settings\Lucero\Local Settings\Apps\2.0\Q2T3Z6QP.KPA\CL7917ZQ.BWB\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe (Curse)
PRC - C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\chkdmsg.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)
DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.cat ()
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()
DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)
DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)
DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions
[2010/04/09 19:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions
[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 19:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 71.9.127.107 24.205.192.61
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/04 16:39:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/07 01:56:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/03/16 14:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/16 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2007/10/18 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/10 12:29:07 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 12:23:23 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/10 12:22:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 12:21:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 02:18:46 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/04/10 02:18:27 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT
[2010/04/10 02:18:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini
[2010/04/09 19:17:16 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml
[2010/04/09 01:23:35 | 003,735,452 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db
[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml
[2010/04/07 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/06 12:41:35 | 000,044,032 | -H-- | M] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/03/26 15:52:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/25 23:40:55 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk
[2010/03/16 14:40:59 | 000,031,840 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 11:56:33 | 000,461,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 11:56:32 | 000,078,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 11:56:30 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/16 14:40:59 | 000,031,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/22 23:59:41 | 000,094,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/24 11:02:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\bdfvconp.ini
[2009/12/20 10:52:49 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml
[2009/12/16 13:51:41 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml
[2009/12/16 13:51:41 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Datauser_gensett.xml
[2009/12/08 16:45:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\housecall.guid.cache
[2009/09/01 22:20:45 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup.log
[2009/09/01 22:20:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup_ldm.iss
[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/17 14:13:14 | 003,012,080 | ---- | C] () -- C:\Documents and Settings\Lucero\ProductContext5600.log
[2008/09/16 13:05:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\fusioncache.dat
[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI
[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2008/01/01 17:49:05 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/19 23:58:51 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/24 16:06:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/22 19:04:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/23 10:46:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2007/09/23 10:46:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak
[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/09/04 16:45:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Lucero\ntuser.ini
[2007/09/04 16:45:13 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Lucero\ntuser.dat.LOG
[2007/09/04 16:45:12 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Lucero\NTUSER.DAT
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/11/30 13:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/12/10 19:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/09/29 22:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/09/03 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/09/19 17:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/11/30 13:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/09/30 10:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/12/25 15:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/09/21 15:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\acccore
[2008/09/14 00:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Acreon
[2009/12/10 19:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\BitDefender
[2009/04/27 16:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Image Zone Express
[2008/01/01 17:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Leadertech
[2009/11/07 10:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\MSNInstaller
[2010/01/09 10:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Octoshape
[2008/09/17 14:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Windows Desktop Search
[2008/09/20 12:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Windows Search
[2010/04/07 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 06:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 06:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 07:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/12 07:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 07:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/22 15:20:02 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2007/09/04 09:27:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/04 09:27:16 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/04 09:27:16 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

Extras.Txt log:

OTL Extras logfile created on: 4/10/2010 12:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.44 Gb Total Space | 0.83 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT
Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYCOMPUTER
Current User Name: Lucero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = YBrowser.HTML] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\browser\ycommon.exe" = C:\Program Files\Yahoo!\browser\ycommon.exe:*:Disabled:YCommon Exe Module -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe:*:Enabled:LogitechUpdate -- (Logitech, Inc.)
"C:\Program Files\NETGEAR\WPN111\WPN111.exe" = C:\Program Files\NETGEAR\WPN111\WPN111.exe:*:Enabled:wpn111 -- (NETGEAR)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Disabled:hpqimzone -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe" = C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe:*:Disabled:KHALMNPR -- (Logitech, Inc.)
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Disabled:logon -- (Microsoft Corporation)
"C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe" = C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe:*:Disabled:LULnchr -- (Logitech, Inc.)
"C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-

#7 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 14 April 2010 - 09:50 PM

Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
    MOD - C:\WINDOWS\system32\chkdmsg.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
===================================================

Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
===================================================

On your next reply please post :
OTL log
ESET log

Good Day!
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#8 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 15 April 2010 - 04:26 PM

I can't seem to get the ESET scanner to download, it gets to computer scan settings then does nothing else. I'm set to administrator so i think it's another problem. Sorry, anyway here's the second OTL log.

OTL logfile created on: 4/14/2010 9:43:36 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.44 Gb Total Space | 0.44 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT
Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYCOMPUTER
Current User Name: Lucero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Documents and Settings\Lucero\Local Settings\Apps\2.0\Q2T3Z6QP.KPA\CL7917ZQ.BWB\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe (Curse)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\chkdmsg.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)
DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.cat ()
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()
DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)
DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)
DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions
[2010/04/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions
[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 71.9.127.107 24.205.192.61
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/04 16:39:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 21:27:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/07 01:56:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/03/16 14:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/16 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2007/10/18 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/14 21:38:40 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/14 21:37:09 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/14 21:35:54 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml
[2010/04/14 21:35:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/14 21:35:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/14 21:34:29 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT
[2010/04/14 21:34:11 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/04/14 21:34:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini
[2010/04/14 00:31:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 23:24:54 | 003,739,136 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db
[2010/04/13 22:43:01 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk
[2010/04/13 19:41:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 19:03:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml
[2010/04/06 12:41:35 | 000,044,032 | -H-- | M] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/03/26 15:52:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/16 14:40:59 | 000,031,840 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2010/04/13 23:37:06 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/16 14:40:59 | 000,031,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/22 23:59:41 | 000,094,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/24 11:02:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\bdfvconp.ini
[2009/12/20 10:52:49 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml
[2009/12/16 13:51:41 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml
[2009/12/16 13:51:41 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Datauser_gensett.xml
[2009/12/08 16:45:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\housecall.guid.cache
[2009/09/01 22:20:45 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup.log
[2009/09/01 22:20:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup_ldm.iss
[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/17 14:13:14 | 003,012,070 | ---- | C] () -- C:\Documents and Settings\Lucero\ProductContext5600.log
[2008/09/16 13:05:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\fusioncache.dat
[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI
[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2008/01/01 17:49:05 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/19 23:58:51 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/24 16:06:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/22 19:04:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/23 10:46:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2007/09/23 10:46:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak
[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/09/04 16:45:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Lucero\ntuser.ini
[2007/09/04 16:45:13 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Lucero\ntuser.dat.LOG
[2007/09/04 16:45:12 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Lucero\NTUSER.DAT
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 06:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 06:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 07:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/12 07:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 07:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/22 15:20:02 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2007/09/04 09:27:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/04 09:27:16 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/04 09:27:16 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

#9 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 17 April 2010 - 10:34 PM

Hi,

Apologize for the delay. Can you please post the OTL fix log as I need to have a look at it? Aside from that, do you experience any other abnormal symptoms of your computer?

Go to My Computer-> Tools-> Folder Options-> View tab:
  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck- Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)
Please go to one of the below sites to scan the following files:
jotti.org
Kaspersky Virus File Scanner
Virus Total

click on Browse, and upload the following file for analysis:
C:\WINDOWS\system32\chkdmsg.dll

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

===================================================

On your next reply please post :
OTL fix log
File scanner report

Good Day!
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#10 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 18 April 2010 - 02:43 PM

No worries, computer feels back to normal again, although there still are the debug popups that started when it began to run slow. I've looked everywhere for the OTL fix log but i can't find it. I thought i saved it but i think i got your directions wrong and thought you only needed a new OTL log, very sorry. Here's the scan report atleast. Jotti's malware scan Filename: chkdmsg.dll Status: Scan finished. 6 out of 20 scanners reported malware. Scan taken on: Sun 18 Apr 2010 21:05:31 (CET) Permalink Additional info File size: 44032 bytes Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit MD5: b52cb036cc2379222149bd5db403eaae SHA1: 42e30513a356ba4cbea0bf5d9b7fcff4d4ef84b1 Scanners 2010-04-18 Found nothing 2010-04-16 Trojan-Spy:W32/Papras.EL 2010-04-18 Found nothing 2010-04-18 Win32:Malware-gen 2010-04-18 Win32:Malware-gen 2010-04-18 Found nothing 2010-04-18 Found nothing 2010-04-18 Found nothing 2010-04-18 Found nothing 2010-04-18 Win32/PSW.Papras.AW 2010-04-18 Found nothing 2010-04-18 Found nothing 2010-04-18 Found nothing 2010-04-16 Found nothing 2010-04-18 Found nothing 2010-04-18 Troj/Spyurs-B 2010-04-18 Found nothing 2010-04-16 Found nothing 2010-04-18 Found nothing 2010-04-18 Trojan.PWS.Papras.RC

#11 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 18 April 2010 - 11:58 PM

Can you tell me was there any message when the debug popped up? What apps you were running or what were you doing when it started to slowdown?
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#12 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 19 April 2010 - 09:35 PM

The debug popups begin upon start up, its usually only two. They give the option to debug or cancel the program. I didn't have any apps running because i had just turned the computer on, and then i tried to use it and it everything began to run very slow. Also, my internet browser(firefox) wont run unless i use run program. I double clicked it and nothing came up, and i checked in task manager process tab and firefox was on there, but not on the applications tab. I tried to see if another browser would work so i tried google chrome and i got windows application error 0xc00000022, and it would basically disable the page. Not sure if any of that matters, but hope it helped. *edit: firefox now runs when i click it after i restarted.

Edited by AyJ21, 19 April 2010 - 10:04 PM.


#13 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 21 April 2010 - 01:15 AM

Can you please post the OTL attach log in your next reply? Thanks.
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#14 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 21 April 2010 - 05:36 PM

I'm not sure what an OTL attach log is, I have the first run OTL log and extras, and the second run OTL log. I didn't save the fix log. Not sure if i should have gotten an attach log somewhere in there.

#15 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 21 April 2010 - 09:34 PM

Sorry, it's the extras log I was talking about which can be found in C:\Documents and Settings\Lucero\My Documents\Downloads\OTL folder.
Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#16 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 22 April 2010 - 12:07 AM

Oh ha, found the fix log in there.

OTL extras(didn't get a log from run 2):

OTL Extras logfile created on: 4/10/2010 12:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.44 Gb Total Space | 0.83 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT
Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYCOMPUTER
Current User Name: Lucero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = YBrowser.HTML] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\browser\ycommon.exe" = C:\Program Files\Yahoo!\browser\ycommon.exe:*:Disabled:YCommon Exe Module -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe:*:Enabled:LogitechUpdate -- (Logitech, Inc.)
"C:\Program Files\NETGEAR\WPN111\WPN111.exe" = C:\Program Files\NETGEAR\WPN111\WPN111.exe:*:Enabled:wpn111 -- (NETGEAR)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Disabled:hpqimzone -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe" = C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe:*:Disabled:KHALMNPR -- (Logitech, Inc.)
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Disabled:logon -- (Microsoft Corporation)
"C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe" = C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe:*:Disabled:LULnchr -- (Logitech, Inc.)
"C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"Security Task Manager" = Security Task Manager 1.7h
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"Starcraft" = Starcraft
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2010 6:25:24 PM | Computer Name = FAMILYCOMPUTER | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1538721867-QkxaMDAwMmpEQkZEYShEQUNFMVs5QzE4RUFENE8wMw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 3/26/2010 6:56:14 PM | Computer Name = FAMILYCOMPUTER | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN2020084331-QkxaMDAwMmpEQkZEYShEQUNFMVs5Q0VBODUhOThFMQ==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/5/2010 3:16:29 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.180.7, faulting module
java.dll, version 6.0.180.7, fault address 0x00005875.

Error - 4/7/2010 2:09:32 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x1000134b.

Error - 4/7/2010 4:26:49 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x1000134b.

Error - 4/8/2010 1:01:05 AM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application curseclient.exe, version 4.0.0.10, faulting module
mscorwks.dll, version 2.0.50727.3603, fault address 0x00097d9a.

Error - 4/8/2010 1:03:46 AM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqimzone.exe, version 53.0.13.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/8/2010 1:51:51 AM | Computer Name = FAMILYCOMPUTER | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application curseclient.exe, version 4.0.0.10, stamp 4b7b180f,
faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,
fault address 0x00097d9a.

Error - 4/8/2010 1:42:54 PM | Computer Name = FAMILYCOMPUTER | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application curseclient.exe, version 4.0.0.10, stamp 4b7b180f,
faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,
fault address 0x00097d9a.

Error - 4/9/2010 10:16:17 PM | Computer Name = FAMILYCOMPUTER | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application curseclient.exe, version 4.0.0.10, stamp 4b7b180f,
faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,
fault address 0x00097d9a.

[ System Events ]
Error - 4/7/2010 11:26:55 PM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WSearch service.

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Image Acquisition
(WIA) service to connect.

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Windows Image Acquisition (WIA) service failed to start due to
the following error: %%1053

Error - 4/8/2010 1:00:33 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the nvsvc service.

Error - 4/8/2010 1:02:14 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/8/2010 1:02:17 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/8/2010 1:40:59 PM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the nvsvc service.

Error - 4/10/2010 4:41:26 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WSearch service.


< End of report >

OTL fix log:

All processes killed
========== OTL ==========
No active process named syspck32.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File move failed. C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lucero
->Temp folder emptied: 5534180 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 328523 bytes
->Apple Safari cache emptied: 32585937 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 381007 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_212752

Files\Folders moved on Reboot...
C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe moved successfully.

Registry entries deleted on Reboot...

#17 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 22 April 2010 - 09:32 PM

Hi,

I'm leaning towards the possibility that it is not malware related case and I might have to redirect you to the tech support in this forum. But nevertheless, let's get rid of this file first before we move along.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    C:\WINDOWS\system32\chkdmsg.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#18 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 22 April 2010 - 11:46 PM

Hmn well that doesn't sound good.

OTL Fix log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lucero
->Temp folder emptied: 5667289 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 156034 bytes
->FireFox cache emptied: 14954145 bytes
->Google Chrome cache emptied: 11732573 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 41026231 bytes

Total Files Cleaned = 70.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04222010_213133

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL.txt log:

OTL logfile created on: 4/22/2010 9:37:45 PM - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.44 Gb Total Space | 0.64 Gb Free Space | 1.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT
Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.18% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYCOMPUTER
Current User Name: Lucero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
PRC - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\chkdmsg.dll ()


========== Win32 Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)
DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()
DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)
DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)
DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions
[2010/04/22 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions
[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 17:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/04/16 18:07:22 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/21 16:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\My Documents\Heroes of Newerth
[2010/04/21 16:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2010/04/19 19:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Temp
[2010/04/19 19:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Google
[2010/04/19 18:55:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent
[2010/04/16 18:09:28 | 000,362,944 | ---- | C] (NETGEAR, Inc.) -- C:\WINDOWS\System32\drivers\WPN111.sys
[2010/04/16 18:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/04/14 22:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/14 21:27:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/16 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2007/10/18 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/22 21:35:28 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 21:33:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 21:33:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 21:32:17 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT
[2010/04/22 21:32:11 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/04/22 21:32:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini
[2010/04/22 21:20:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004UA.job
[2010/04/22 19:20:11 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004Core.job
[2010/04/22 18:12:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/22 16:04:28 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/22 16:01:48 | 005,336,530 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db
[2010/04/22 15:53:21 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml
[2010/04/21 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/21 16:17:44 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Heroes of Newerth.lnk
[2010/04/20 23:19:35 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/04/19 19:16:28 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Google Chrome.lnk
[2010/04/18 12:33:52 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk
[2010/04/16 18:09:26 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/04/16 18:09:26 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010/04/16 01:06:17 | 000,017,211 | ---- | M] () -- C:\Documents and Settings\Lucero\My Documents\Intrigued by Evil.docx
[2010/04/13 19:41:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml
[2010/04/06 12:41:35 | 000,044,032 | -H-- | M] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys

========== Files Created - No Company Name ==========

[2010/04/21 16:17:44 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Lucero\Desktop\Heroes of Newerth.lnk
[2010/04/19 19:16:28 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Lucero\Desktop\Google Chrome.lnk
[2010/04/19 19:15:35 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004UA.job
[2010/04/19 19:15:35 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004Core.job
[2010/04/16 18:09:28 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010/04/16 18:09:28 | 000,015,819 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwpn11.inf
[2010/04/16 18:09:28 | 000,008,263 | ---- | C] () -- C:\WINDOWS\System32\drivers\WPN111.cat
[2010/04/16 18:09:26 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/04/16 18:09:26 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010/04/16 01:06:17 | 000,017,211 | ---- | C] () -- C:\Documents and Settings\Lucero\My Documents\Intrigued by Evil.docx
[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/01/22 23:59:41 | 000,094,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/24 11:02:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\bdfvconp.ini
[2009/12/20 10:52:49 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml
[2009/12/16 13:51:41 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml
[2009/12/16 13:51:41 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Datauser_gensett.xml
[2009/12/08 16:45:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\housecall.guid.cache
[2009/09/01 22:20:45 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup.log
[2009/09/01 22:20:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup_ldm.iss
[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/17 14:13:14 | 003,012,068 | ---- | C] () -- C:\Documents and Settings\Lucero\ProductContext5600.log
[2008/09/16 13:05:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\fusioncache.dat
[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI
[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2008/01/01 17:49:05 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/19 23:58:51 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/24 16:06:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/22 19:04:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/23 10:46:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2007/09/23 10:46:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak
[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/09/04 16:45:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Lucero\ntuser.ini
[2007/09/04 16:45:13 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Lucero\ntuser.dat.LOG
[2007/09/04 16:45:12 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Lucero\NTUSER.DAT
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

#19 Conspire

Conspire

    Advanced Member

  • Trusted Malware Techs
  • 695 posts
  • Gender:Male


Posted 23 April 2010 - 03:46 AM

AyJ21, I almost forgot that you did not manage to run GMER. So once again, would you please run GMER under Safe Mode? If GMER still doesn't run under Safe Mode, try rename it randomly and see what happens. If it still doesn't do the trick, come back to me. Sorry about that.

Reboot your computer in Safe Mode
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
===================================================

Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Donate

#20 AyJ21

AyJ21

    Member

  • Members
  • 16 posts

Posted 24 April 2010 - 02:12 PM

Ran GMER, here's the log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 11:31:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Lucero\LOCALS~1\Temp\awtdrkod.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs B870B400

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users