Trojan infected

AyJ21

My computer began to run very slow a few days ago, and my Bitdefender blocked a trojan and removed an infection. My computer is still very slow though, and upon start-up I get some popups that say programs are bugged. I also ran Malwarebytes and it didn't catch anything; I can post the log if needed. Thanks in advance.

Conspire   

Hello there, AyJ21

 


 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.

This may cause a delay, but I will do my best to keep it as short as possible.

 

Please bear with me, I will post back to you as soon as I can.

 

IMPORTANT NOTE : Please do not delete anything unless instructed to.

 

**In any case where you happen to be busy or unable to give us a reply, we would be more than grateful if you keep us informed in advance and we will be more than happy to wait. :)

Conspire   

Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
===================================================

 


Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

===================================================

 

On your next reply please post :

OTL log

GMER log

MBAM log

Good Day!

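The OTL.Txt that the steps above produce is plain text with a few regular line shapes, and the helper's job is to pick out of it the handful of entries worth acting on. The script below is an added example for this thread (my code, not OTL's and not a tool the helper asked for); it parses the PRC/MOD/SRV/DRV/O4/O20/O36 lines and the "[date | size | attrs | C]" file lines, gives each path a reason for every weak signal it trips (no company name in an autostart location, an AppCertDlls entry, a hidden .dll/.exe/.sys under %SystemRoot% created recently, a file written within a minute of one already flagged), and ranks paths by how many independent reasons they collect. The sample input is constructed from lines copied out of the OTL.Txt posted later in this thread; the set of sections checked, the 30-day and 60-second windows, and the ranking are my choices. It only reads pasted text and changes nothing on the machine, so it does not conflict with the rule about not running extra cleanup tools.

```python
r"""Triage an OTL (OldTimer) log by grouping weak signals per file path.

Added example for this thread, not OTL's own code. It reads three OTL line
shapes:
  tag lines    "PRC - C:\path\file.exe (Company)"  and MOD/SRV/DRV/O4/O20/O36
  file lines   "[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\path"
  header       "OTL logfile created on: 4/10/2010 12:49:58 PM - Run 1"
"""
import re
from collections import defaultdict
from datetime import datetime

TAG_RE = re.compile(r"^(?P<tag>PRC|MOD|SRV|DRV|O\d+)\s+-\s+")
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")  # OTL writes "()" for none
PATH_RE = re.compile(r"[A-Za-z]:\\[^()=]*?(?=\s*\(|\s+-\s|\s*$)")  # each X:\ path
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4})")

AUTOSTART_TAGS = {"PRC", "MOD", "SRV", "DRV", "O4", "O20", "O36"}  # sections I chose
CODE_EXTS = (".dll", ".exe", ".sys")

# Constructed sample: lines copied from the OTL.Txt posted in this thread plus a
# few benign neighbours, so the script runs offline.
SAMPLE_LOG = r"""
OTL logfile created on: 4/10/2010 12:49:58 PM - Run 1
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
MOD - C:\WINDOWS\system32\chkdmsg.dll ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()
[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/16 14:40:59 | 000,031,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
"""


def log_date(log_text):
    """Date the log was written; file ages are measured against it."""
    m = HEADER_RE.search(log_text)
    return datetime.strptime(m.group(1), "%m/%d/%Y") if m else datetime.now()


def last_path(line):
    """The file OTL resolved is the last X:\ path on the line."""
    paths = PATH_RE.findall(line)
    return paths[-1].strip() if paths else None


def triage(log_text, recent_days=30, pivot_seconds=60):
    """Return {path_lower: {reason, ...}} for paths worth a second look."""
    as_of = log_date(log_text)
    reasons = defaultdict(set)
    seen = []  # (timestamp, path) of every file line, for the time pivot

    for raw in log_text.splitlines():
        line = raw.strip()
        tag = TAG_RE.match(line)
        if tag and tag.group("tag") in AUTOSTART_TAGS:
            path, company = last_path(line), COMPANY_RE.search(line)
            if path is None or company is None:
                continue  # e.g. "File not found" entries: nothing on disk to rate
            key, t = path.lower(), tag.group("tag")
            if company.group("company").strip() == "":
                reasons[key].add(f"{t}: no company name")
            if t == "O36":
                # AppCertDlls DLLs get loaded into processes that call CreateProcess
                reasons[key].add("O36: AppCertDlls entry (injected via CreateProcess)")
            continue
        f = FILE_RE.match(line)
        if not f:
            continue
        stamp = datetime.strptime(f.group("stamp"), "%Y/%m/%d %H:%M:%S")
        path = f.group("path").strip()
        seen.append((stamp, path))
        if ("H" in f.group("attrs") and path.lower().endswith(CODE_EXTS)
                and path.lower().startswith("c:\\windows\\")
                and f.group("company") == ""
                and (as_of - stamp).days <= recent_days):
            reasons[path.lower()].add(
                f"hidden {path[-4:]} under %SystemRoot%, no company name, {stamp:%Y/%m/%d}")

    # Time pivot: anything written within pivot_seconds of a flagged file is
    # part of the same event even if nothing else about it looks odd.
    flagged = {p for p, r in reasons.items() if r}
    for stamp, path in seen:
        if path.lower() in flagged:
            continue
        for stamp2, path2 in seen:
            if path2.lower() in flagged and abs((stamp - stamp2).total_seconds()) <= pivot_seconds:
                reasons[path.lower()].add(f"written within {pivot_seconds}s of {path2}")
    return dict(reasons)


def rank(findings):
    """Most independent reasons first; one weak hit alone is often a false positive."""
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for path, why in rank(triage(SAMPLE_LOG)):
        print(f"{len(why)}x {path}")
        for r in sorted(why):
            print(f"     - {r}")
```

Run it as-is and the ranking puts chkdmsg.dll first with four separate reasons (loaded into OTL itself as a MOD entry with no company name, registered under AppCertDlls, hidden, and created four days before the log), the Startup-folder syspck32.exe second with two, and the 16-byte jasltw.dat written 12 seconds before chkdmsg.dll pulled in by the time pivot alone. nwiz.exe ends at the bottom with a single "no company name" hit, which is exactly the kind of vendor file without a version resource that makes one weak signal on its own a poor verdict; the point of grouping is that corroborating signals on the same path are what to act on, and, as the helper says of GMER, single hits still need a human to decide.
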
AyJ21   

Apologies for the delayed response. I successfully ran OTL, but when I ran GMER my computer began to run extremely slowly, so much that I've had the scan running for over two days now. I'm not sure if I should keep letting it run or stop it. An idea of how slow my computer is going: it took about half an hour for this page to load.

AyJ21   

Alrighty, here they are.

 

OTL.Txt log:

 

OTL logfile created on: 4/10/2010 12:49:58 PM - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.44 Gb Total Space | 0.83 Gb Free Space | 2.41% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT

Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAMILYCOMPUTER

Current User Name: Lucero

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

PRC - C:\Documents and Settings\Lucero\Local Settings\Apps\2.0\Q2T3Z6QP.KPA\CL7917ZQ.BWB\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe (Curse)

PRC - C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\chkdmsg.dll ()

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)

DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)

DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)

DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)

DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)

DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)

DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)

DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)

DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.cat ()

DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)

DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()

DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)

DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)

DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

 

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions

[2010/04/09 19:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions

[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/09 19:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 71.9.127.107 24.205.192.61

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]

O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/04 16:39:41 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/07 01:56:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2010/03/16 14:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/09/16 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP

[2007/10/18 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/10 12:29:07 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/10 12:23:23 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/04/10 12:22:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/10 12:21:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/10 02:18:46 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv

[2010/04/10 02:18:27 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2010/04/10 02:18:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2010/04/09 19:17:16 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2010/04/09 01:23:35 | 003,735,452 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db

[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2010/04/07 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/04/06 12:41:35 | 000,044,032 | -H-- | M] () -- C:\WINDOWS\System32\chkdmsg.dll

[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys

[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys

[2010/03/26 15:52:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2010/03/25 23:40:55 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk

[2010/03/16 14:40:59 | 000,031,840 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/03/14 11:56:33 | 000,461,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/14 11:56:32 | 000,078,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/14 11:56:30 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

 

========== Files Created - No Company Name ==========

 

[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll

[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat

[2010/03/16 14:40:59 | 000,031,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/01/22 23:59:41 | 000,094,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/24 11:02:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\bdfvconp.ini

[2009/12/20 10:52:49 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2009/12/16 13:51:41 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2009/12/16 13:51:41 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Datauser_gensett.xml

[2009/12/08 16:45:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\housecall.guid.cache

[2009/09/01 22:20:45 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup.log

[2009/09/01 22:20:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup_ldm.iss

[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll

[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/09/17 14:13:14 | 003,012,080 | ---- | C] () -- C:\Documents and Settings\Lucero\ProductContext5600.log

[2008/09/16 13:05:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\fusioncache.dat

[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI

[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll

[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI

[2008/01/01 17:49:05 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2007/12/19 23:58:51 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/11/24 16:06:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/10/22 19:04:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/09/23 10:46:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat

[2007/09/23 10:46:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG

[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak

[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll

[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

[2007/09/04 16:45:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2007/09/04 16:45:13 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Lucero\ntuser.dat.LOG

[2007/09/04 16:45:12 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

 

========== LOP Check ==========

 

[2008/11/30 13:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/12/10 19:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2008/09/29 22:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2009/09/03 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2009/09/19 17:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2008/11/30 13:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/09/30 10:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO

[2009/12/25 15:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2007/09/21 15:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\acccore

[2008/09/14 00:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Acreon

[2009/12/10 19:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\BitDefender

[2009/04/27 16:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Image Zone Express

[2008/01/01 17:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Leadertech

[2009/11/07 10:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\MSNInstaller

[2010/01/09 10:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Octoshape

[2008/09/17 14:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Windows Desktop Search

[2008/09/20 12:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Windows Search

[2010/04/07 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/12 06:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/12 06:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

 

< MD5 for: IASTOR.SYS >

[2004/08/12 07:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2004/08/12 07:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/12 07:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/02/22 15:20:02 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys

[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys

[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

 

< %systemroot%\System32\config\*.sav >

[2007/09/04 09:27:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2007/09/04 09:27:16 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2007/09/04 09:27:16 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< End of report >

 

Extras.Txt log:

 

OTL Extras logfile created on: 4/10/2010 12:49:58 PM - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.44 Gb Total Space | 0.83 Gb Free Space | 2.41% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT

Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAMILYCOMPUTER

Current User Name: Lucero

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = YBrowser.HTML] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found

http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found

https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\browser\ycommon.exe" = C:\Program Files\Yahoo!\browser\ycommon.exe:*:Disabled:YCommon Exe Module -- File not found

"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()

"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe:*:Enabled:LogitechUpdate -- (Logitech, Inc.)

"C:\Program Files\NETGEAR\WPN111\WPN111.exe" = C:\Program Files\NETGEAR\WPN111\WPN111.exe:*:Enabled:wpn111 -- (NETGEAR)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Disabled:hpqimzone -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()

"C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe" = C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe:*:Disabled:KHALMNPR -- (Logitech, Inc.)

"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Disabled:logon -- (Microsoft Corporation)

"C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe" = C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe:*:Disabled:LULnchr -- (Logitech, Inc.)

"C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 18

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{837b34e3-7c30-493c-

Conspire   

Hi,

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    PRC - C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
    MOD - C:\WINDOWS\system32\chkdmsg.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
===================================================

 

ESET online scanner

 

You can use either Internet Explorer or Mozilla Firefox for this scan.

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
===================================================

 

On your next reply please post :

OTL log

ESET log

Good Day!

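The :OTL fix above singles out entries by a few recurring signs in the log: a running process or loaded module whose version info has no publisher (the empty "()"), an executable launched from the user's Startup folder, and toolbar entries whose CLSID no longer resolves. As an added example (not part of OTL, BitDefender or any post in this thread), the Python script below applies those same checks to OTL log lines and also cross-checks the "< MD5 for: ... >" sections, flagging a live system32 copy whose hash differs from the ServicePackFiles copy; the sample lines are copied from the logs in this thread except for one constructed eventlog.dll line with a placeholder MD5 to exercise the mismatch branch.

```python
"""Triage helper for the OTL log format quoted in this thread.

Added example; it is not part of OTL, BitDefender or the forum posts.
It flags the same kinds of entries the helper's :OTL fix targeted:
processes/modules with an empty publisher, anything launched from a
user's Startup folder, O3 toolbar entries whose CLSID does not resolve,
and system files whose MD5 in system32 differs from ServicePackFiles.
"""
import re
from collections import defaultdict

# "PRC - <path> (<publisher>)" and "MOD - <path> (<publisher>)" lines.
PRC_MOD_RE = re.compile(r"^(PRC|MOD) - (.+) \(([^()]*)\)$")
# "O4 - Startup: <path> (<publisher>)" lines.
O4_RE = re.compile(r"^O4 - Startup: (.+) \(([^()]*)\)$")
# "O3 - ... - {CLSID} - No CLSID value found." lines.
O3_RE = re.compile(r"^O3 - .*(\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$")
# Custom-scan MD5 lines: "[...] (<publisher>) MD5=<hex> -- <path>".
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")

STARTUP_DIR = "\\start menu\\programs\\startup\\"

# Constructed sample: lines copied from the OTL logs in this thread, plus one
# made-up system32\eventlog.dll line (DEADBEEF... MD5) to show a mismatch.
SAMPLE_LINES = [
    r"PRC - C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()",
    r"PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)",
    r"MOD - C:\WINDOWS\system32\chkdmsg.dll ()",
    r"MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.",
    r"O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe ()",
    r"< MD5 for: ATAPI.SYS >",
    r"[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys",
    r"[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys",
    r"< MD5 for: EVENTLOG.DLL >",
    r"[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll",
    r"[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\eventlog.dll",
]


def triage(lines):
    """Return a list of (tag, path_or_clsid, reason) findings for OTL log lines."""
    findings = []
    # basename -> {path: md5}, collected from the "< MD5 for: ... >" blocks
    hashes = defaultdict(dict)
    for raw in lines:
        line = raw.strip()
        m = PRC_MOD_RE.match(line)
        if m:
            tag, path, publisher = m.groups()
            if not publisher.strip():
                findings.append((tag, path, "no publisher in version info"))
            if STARTUP_DIR in path.lower():
                findings.append((tag, path, "runs from a user Startup folder"))
            continue
        m = O4_RE.match(line)
        if m:
            path, publisher = m.groups()
            reason = "Startup-folder autorun"
            if not publisher.strip():
                reason += ", no publisher"
            findings.append(("O4", path, reason))
            continue
        m = O3_RE.match(line)
        if m:
            findings.append(("O3", m.group(1), "toolbar CLSID does not resolve"))
            continue
        m = MD5_RE.search(line)
        if m:
            digest, path = m.groups()
            hashes[path.rsplit("\\", 1)[-1].lower()][path] = digest.upper()
    findings.extend(_md5_mismatches(hashes))
    return findings


def _md5_mismatches(hashes):
    """Flag a system32 copy whose MD5 matches no ServicePackFiles copy of the same file."""
    out = []
    for name, copies in hashes.items():
        reference = [d for p, d in copies.items() if "\\servicepackfiles\\" in p.lower()]
        if not reference:
            continue  # nothing authoritative to compare against
        for path, digest in copies.items():
            if "\\system32\\" in path.lower() and digest not in reference:
                out.append(("MD5", path, f"{name} differs from ServicePackFiles copy"))
    return out


if __name__ == "__main__":
    for tag, item, reason in triage(SAMPLE_LINES):
        print(f"{tag:4} {reason:45} {item}")
```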
AyJ21   

I can't seem to get the ESET scanner to download, it gets to computer scan settings then does nothing else. I'm set to administrator so I think it's another problem. Sorry, anyway here's the second OTL log.

 

OTL logfile created on: 4/14/2010 9:43:36 PM - Run 2

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.44 Gb Total Space | 0.44 Gb Free Space | 1.28% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT

Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAMILYCOMPUTER

Current User Name: Lucero

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

PRC - C:\Documents and Settings\Lucero\Local Settings\Apps\2.0\Q2T3Z6QP.KPA\CL7917ZQ.BWB\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe (Curse)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\chkdmsg.dll ()

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)

DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)

DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)

DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)

DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)

DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)

DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)

DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)

DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.cat ()

DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)

DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()

DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)

DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)

DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

 

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions

[2010/04/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions

[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)

O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 71.9.127.107 24.205.192.61

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]

O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/04 16:39:41 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/14 21:27:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/04/07 01:56:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2010/03/16 14:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/09/16 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP

[2007/10/18 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/14 21:38:40 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/14 21:37:09 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/04/14 21:35:54 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2010/04/14 21:35:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/14 21:35:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/14 21:34:29 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2010/04/14 21:34:11 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv

[2010/04/14 21:34:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2010/04/14 00:31:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/04/13 23:24:54 | 003,739,136 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db

[2010/04/13 22:43:01 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk

[2010/04/13 19:41:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/10 19:03:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2010/04/06 12:41:35 | 000,044,032 | -H-- | M] () -- C:\WINDOWS\System32\chkdmsg.dll

[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys

[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys

[2010/03/26 15:52:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2010/03/16 14:40:59 | 000,031,840 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

 

========== Files Created - No Company Name ==========

 

[2010/04/13 23:37:06 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll

[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat

[2010/03/16 14:40:59 | 000,031,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/01/22 23:59:41 | 000,094,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/24 11:02:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\bdfvconp.ini

[2009/12/20 10:52:49 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2009/12/16 13:51:41 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2009/12/16 13:51:41 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Datauser_gensett.xml

[2009/12/08 16:45:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\housecall.guid.cache

[2009/09/01 22:20:45 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup.log

[2009/09/01 22:20:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup_ldm.iss

[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll

[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/09/17 14:13:14 | 003,012,070 | ---- | C] () -- C:\Documents and Settings\Lucero\ProductContext5600.log

[2008/09/16 13:05:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\fusioncache.dat

[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI

[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll

[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI

[2008/01/01 17:49:05 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2007/12/19 23:58:51 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/11/24 16:06:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/10/22 19:04:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/09/23 10:46:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat

[2007/09/23 10:46:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG

[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak

[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll

[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

[2007/09/04 16:45:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2007/09/04 16:45:13 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Lucero\ntuser.dat.LOG

[2007/09/04 16:45:12 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/09/12 11:34:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/12 06:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/12 06:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

 

< MD5 for: IASTOR.SYS >

[2004/08/12 07:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2004/08/12 07:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/12 07:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/02/22 15:20:02 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys

[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys

[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

 

< %systemroot%\System32\config\*.sav >

[2007/09/04 09:27:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2007/09/04 09:27:16 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2007/09/04 09:27:16 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< End of report >

Conspire   

Hi,

 

Apologies for the delay. Can you please post the OTL fix log, as I need to have a look at it? Aside from that, do you experience any other abnormal symptoms on your computer?

 

Go to My Computer-> Tools-> Folder Options-> View tab:

  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck- Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)
Please go to one of the below sites to scan the following files:

jotti.org

Kaspersky Virus File Scanner

Virus Total

 

Click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\chkdmsg.dll

 

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

 

===================================================

 

On your next reply please post :

OTL fix log

File scanner report

Good Day!

AyJ21   

No worries, the computer feels back to normal again, although there still are the debug popups that started when it began to run slow. I've looked everywhere for the OTL fix log but I can't find it. I thought I saved it, but I think I got your directions wrong and thought you only needed a new OTL log, very sorry. Here's the scan report at least.

 

Jotti's malware scan

Filename: chkdmsg.dll

Status: Scan finished. 6 out of 20 scanners reported malware.

Scan taken on: Sun 18 Apr 2010 21:05:31 (CET) Permalink

 

 

Additional info

File size: 44032 bytes

Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

MD5: b52cb036cc2379222149bd5db403eaae

SHA1: 42e30513a356ba4cbea0bf5d9b7fcff4d4ef84b1

 

 

Scanners

2010-04-18 Found nothing 2010-04-16 Trojan-Spy:W32/Papras.EL

2010-04-18 Found nothing 2010-04-18 Win32:Malware-gen

2010-04-18 Win32:Malware-gen 2010-04-18 Found nothing

2010-04-18 Found nothing 2010-04-18 Found nothing

2010-04-18 Found nothing 2010-04-18 Win32/PSW.Papras.AW

2010-04-18 Found nothing 2010-04-18 Found nothing

2010-04-18 Found nothing 2010-04-16 Found nothing

2010-04-18 Found nothing 2010-04-18 Troj/Spyurs-B

2010-04-18 Found nothing 2010-04-16 Found nothing

2010-04-18 Found nothing 2010-04-18 Trojan.PWS.Papras.RC

Conspire   

Can you tell me whether there was any message when the debug popup appeared? What apps were you running, or what were you doing, when it started to slow down?

AyJ21   

The debug popups begin upon start up; it's usually only two. They give the option to debug or cancel the program. I didn't have any apps running because I had just turned the computer on, and then I tried to use it and everything began to run very slow. Also, my internet browser (Firefox) won't run unless I use Run Program. I double clicked it and nothing came up, and I checked in the Task Manager Processes tab and Firefox was on there, but not on the Applications tab. I tried to see if another browser would work, so I tried Google Chrome and I got Windows application error 0xc00000022, and it would basically disable the page. Not sure if any of that matters, but hope it helped.

 

*edit: Firefox now runs when I click it after I restarted.

Edited by AyJ21

AyJ21   

I'm not sure what an OTL attach log is. I have the first run OTL log and extras, and the second run OTL log. I didn't save the fix log. Not sure if I should have gotten an attach log somewhere in there.

Conspire   

Sorry, it's the extras log I was talking about, which can be found in the C:\Documents and Settings\Lucero\My Documents\Downloads\OTL folder.

AyJ21   

Oh ha, found the fix log in there.

 

OTL extras (didn't get a log from run 2):

 

OTL Extras logfile created on: 4/10/2010 12:49:58 PM - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.44 Gb Total Space | 0.83 Gb Free Space | 2.41% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT

Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.17% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAMILYCOMPUTER

Current User Name: Lucero

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = YBrowser.HTML] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found

http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found

https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\browser\ycommon.exe" = C:\Program Files\Yahoo!\browser\ycommon.exe:*:Disabled:YCommon Exe Module -- File not found

"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Lucero\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()

"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe:*:Enabled:LogitechUpdate -- (Logitech, Inc.)

"C:\Program Files\NETGEAR\WPN111\WPN111.exe" = C:\Program Files\NETGEAR\WPN111\WPN111.exe:*:Enabled:wpn111 -- (NETGEAR)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Disabled:hpqimzone -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()

"C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe" = C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe:*:Disabled:KHALMNPR -- (Logitech, Inc.)

"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Disabled:logon -- (Microsoft Corporation)

"C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe" = C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe:*:Disabled:LULnchr -- (Logitech, Inc.)

"C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 18

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1

"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner

"HijackThis" = HijackThis 2.0.2

"Hijackthis_is1" = Hijackthis 1.99.1

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Document Viewer" = HP Document Viewer 5.3

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Photo & Imaging" = HP Image Zone 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"ie8" = Windows Internet Explorer 8

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"PROSet" = Intel® PRO Network Adapters and Drivers

"Security Task Manager" = Security Task Manager 1.7h

"Sound Blaster Live! Value" = Sound Blaster Live! Value

"Starcraft" = Starcraft

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World of Warcraft" = World of Warcraft

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"Move Media Player" = Move Media Player

"Octoshape Streaming Services" = Octoshape Streaming Services

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 3/23/2010 6:25:24 PM | Computer Name = FAMILYCOMPUTER | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(BZDN1538721867-QkxaMDAwMmpEQkZEYShEQUNFMVs5QzE4RUFENE8wMw==._bzdn._tcp.local.)

active for over two minutes. This places considerable burden on the network.

 

Error - 3/26/2010 6:56:14 PM | Computer Name = FAMILYCOMPUTER | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(BZDN2020084331-QkxaMDAwMmpEQkZEYShEQUNFMVs5Q0VBODUhOThFMQ==._bzdn._tcp.local.)

active for over two minutes. This places considerable burden on the network.

 

Error - 4/5/2010 3:16:29 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application javaw.exe, version 6.0.180.7, faulting module

java.dll, version 6.0.180.7, fault address 0x00005875.

 

Error - 4/7/2010 2:09:32 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module unknown, version 0.0.0.0, fault address 0x1000134b.

 

Error - 4/7/2010 4:26:49 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1004

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module unknown, version 0.0.0.0, fault address 0x1000134b.

 

Error - 4/8/2010 1:01:05 AM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application curseclient.exe, version 4.0.0.10, faulting module

mscorwks.dll, version 2.0.50727.3603, fault address 0x00097d9a.

 

Error - 4/8/2010 1:03:46 AM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application hpqimzone.exe, version 53.0.13.0, faulting module

kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

 

Error - 4/8/2010 1:51:51 AM | Computer Name = FAMILYCOMPUTER | Source = .NET Runtime 2.0 Error Reporting | ID = 1000

Description = Faulting application curseclient.exe, version 4.0.0.10, stamp 4b7b180f,

faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,

fault address 0x00097d9a.

 

Error - 4/8/2010 1:42:54 PM | Computer Name = FAMILYCOMPUTER | Source = .NET Runtime 2.0 Error Reporting | ID = 1000

Description = Faulting application curseclient.exe, version 4.0.0.10, stamp 4b7b180f,

faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,

fault address 0x00097d9a.

 

Error - 4/9/2010 10:16:17 PM | Computer Name = FAMILYCOMPUTER | Source = .NET Runtime 2.0 Error Reporting | ID = 1000

Description = Faulting application curseclient.exe, version 4.0.0.10, stamp 4b7b180f,

faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,

fault address 0x00097d9a.

 

[ System Events ]

Error - 4/7/2010 11:26:55 PM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the WSearch service.

 

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service

to connect.

 

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7000

Description = The Pml Driver HPZ12 service failed to start due to the following

error: %%1053

 

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Image Acquisition

(WIA) service to connect.

 

Error - 4/8/2010 1:00:32 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7000

Description = The Windows Image Acquisition (WIA) service failed to start due to

the following error: %%1053

 

Error - 4/8/2010 1:00:33 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the nvsvc service.

 

Error - 4/8/2010 1:02:14 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 4/8/2010 1:02:17 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 4/8/2010 1:40:59 PM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the nvsvc service.

 

Error - 4/10/2010 4:41:26 AM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the WSearch service.

 

 

< End of report >

 

OTL fix log:

 

All processes killed

========== OTL ==========

No active process named syspck32.exe was found!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

File move failed. C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe scheduled to be moved on reboot.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Lucero

->Temp folder emptied: 5534180 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 328523 bytes

->Apple Safari cache emptied: 32585937 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 381007 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 37.00 mb

 

 

OTL by OldTimer - Version 3.2.1.1 log created on 04142010_212752

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\syspck32.exe moved successfully.

 

Registry entries deleted on Reboot...

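The log above is the kind of thing a helper reads by eye; the sections that matter most for a "still slow after the AV cleaned something" case are Shell Spawning (is `exefile [open]` still the Windows default?), the firewall profile (`"EnableFirewall" = 0` on StandardProfile), firewall exceptions that point at binaries that no longer exist, and modules loaded with no company information (`chkdmsg.dll`). The script below is an added example, not code from OTL or from anyone in this thread: it splits an OTL log into its `========== Name ==========` sections and runs one check per section. The sample log is constructed to copy the line formats seen in the post, trimmed to a few lines, plus one hypothetical `exefile` hijack line (`example_hijack.exe` is made up) that the real log does not contain, so the high-severity branch is exercised. The severity labels are this example's own triage choices.

```python
"""Triage an OTL (OldTimer's List-It) log for what a responder checks first.
Added example for this thread, not OTL's code or any poster's. SAMPLE_LOG is
constructed from the posted log's line formats; its exefile line is hypothetical.
"""
import re
from collections import namedtuple

# Handlers that must stay at the Windows default; anything else routes every
# program launch (or screensaver start) through someone else's binary first.
EXPECTED_HANDLERS = {
    "exefile [open]": '"%1" %*', "comfile [open]": '"%1" %*',
    "batfile [open]": '"%1" %*', "cmdfile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*', "scrfile [open]": '"%1" /S',
}
SECTION_RE = re.compile(r"^========== (.+?) ==========$")
HANDLER_RE = re.compile(r"^(\w+ \[[^\]]+\]) -- (.*)$")
FW_VALUE_RE = re.compile(r'^"EnableFirewall" = (\d+)$')
FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P=path):\*:(?P<state>Enabled|Disabled)'
                       r':(?P<name>.*?) -- (?P<company>.*)$')
MOD_RE = re.compile(r"^MOD - (?P<path>.+?) \((?P<company>[^)]*)\)$")

# Constructed sample: formats copied from the thread, exefile line invented.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
exefile [open] -- "C:\WINDOWS\example_hijack.exe" "%1" %*
scrfile [open] -- "%1" /S
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
========== Modules (SafeList) ==========
MOD - C:\WINDOWS\system32\chkdmsg.dll ()
"""

Finding = namedtuple("Finding", "severity category detail")  # severity: high, medium, info


def split_sections(log_text):
    """Map each '========== Name ==========' header to its non-empty lines."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    out = []
    for handler, command in (m.groups() for m in map(HANDLER_RE.match, lines) if m):
        expected = EXPECTED_HANDLERS.get(handler)
        if expected is not None and command != expected:
            out.append(Finding("high", "shell-spawning", f"{handler} is {command!r}, expected {expected!r}"))
        elif command.endswith("File not found"):  # broken today, drop target tomorrow
            out.append(Finding("medium", "shell-spawning", f"{handler} points at a missing file: {command}"))
    return out


def check_firewall(lines):
    out, key = [], ""
    for line in lines:
        if line.startswith("[HKEY_"):
            key = line  # remember which profile the values below belong to
            continue
        m = FW_VALUE_RE.match(line)
        if m and key.endswith("Profile]") and m.group(1) == "0":
            profile = key.rsplit("\\", 1)[-1].rstrip("]")
            out.append(Finding("medium", "firewall", f"Windows Firewall off for {profile}; confirm a third-party firewall covers it"))
    return out


def check_authorized_apps(lines):
    out = []
    for m in filter(None, map(FW_APP_RE.match, lines)):
        if m.group("state") != "Enabled":
            continue
        path, company = m.group("path"), m.group("company")
        if company == "File not found":  # XP rules are path-based: a free allow for whatever lands there
            out.append(Finding("medium", "firewall-exception", f"enabled exception for missing binary {path}"))
        elif company.strip("() ") == "":
            out.append(Finding("info", "firewall-exception", f"enabled exception, no company info: {path}"))
    return out


def check_modules(lines):
    return [Finding("high", "module", f"unattributed DLL in system32: {m.group('path')}; hash it and verify its signature")
            for m in filter(None, map(MOD_RE.match, lines))
            if not m.group("company").strip() and "\\system32\\" in m.group("path").lower()]


CHECKS = {"Shell Spawning": check_shell_spawning, "Security Center Settings": check_firewall,
          "Authorized Applications List": check_authorized_apps, "Modules (SafeList)": check_modules}


def triage(log_text):
    """Run every section check; return findings, highest severity first."""
    rank = {"high": 0, "medium": 1, "info": 2}
    sections = split_sections(log_text)
    findings = [f for name, check in CHECKS.items() for f in check(sections.get(name, []))]
    return sorted(findings, key=lambda f: (rank[f.severity], f.category, f.detail))
```

Run `triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())` on a real log; on the sample it returns six findings, the two high ones being the hijacked `exefile` handler and the unattributed `chkdmsg.dll`. A missing company string in OTL output only means the file carries no version resource, which is why the module finding asks for a hash and signature check rather than calling the file malicious.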
Conspire   

Hi,

 

I'm leaning towards the possibility that this is not a malware-related case and I might have to redirect you to tech support in this forum. But nevertheless, let's get rid of this file first before we move along.

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    C:\WINDOWS\system32\chkdmsg.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

AyJ21   

Hmn well that doesn't sound good.

 

OTL Fix log:

 

All processes killed

========== OTL ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Lucero

->Temp folder emptied: 5667289 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Java cache emptied: 156034 bytes

->FireFox cache emptied: 14954145 bytes

->Google Chrome cache emptied: 11732573 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 41026231 bytes

 

Total Files Cleaned = 70.00 mb

 

 

OTL by OldTimer - Version 3.2.1.1 log created on 04222010_213133

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

OTL.txt log:

 

OTL logfile created on: 4/22/2010 9:37:45 PM - Run 3

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lucero\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.44 Gb Total Space | 0.64 Gb Free Space | 1.86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT

Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.18% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAMILYCOMPUTER

Current User Name: Lucero

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

PRC - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\chkdmsg.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)

DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)

DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)

DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)

DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)

DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)

DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)

DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)

DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)

DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)

DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()

DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)

DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)

DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

 

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions

[2010/04/22 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions

[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/22 17:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)

O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Lucero\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]

O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2010/04/16 18:07:22 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\F\Shell\AutoRun\command - "" = setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/21 16:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\My Documents\Heroes of Newerth

[2010/04/21 16:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth

[2010/04/19 19:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Temp

[2010/04/19 19:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Google

[2010/04/19 18:55:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent

[2010/04/16 18:09:28 | 000,362,944 | ---- | C] (NETGEAR, Inc.) -- C:\WINDOWS\System32\drivers\WPN111.sys

[2010/04/16 18:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR

[2010/04/14 22:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/04/14 21:27:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/10 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/09/16 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP

[2007/10/18 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/22 21:35:28 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/22 21:33:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/22 21:33:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/22 21:32:17 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2010/04/22 21:32:11 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv

[2010/04/22 21:32:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2010/04/22 21:20:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004UA.job

[2010/04/22 19:20:11 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004Core.job

[2010/04/22 18:12:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/04/22 16:04:28 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/04/22 16:01:48 | 005,336,530 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db

[2010/04/22 15:53:21 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2010/04/21 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/04/21 16:17:44 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Heroes of Newerth.lnk

[2010/04/20 23:19:35 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2010/04/19 19:16:28 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Google Chrome.lnk

[2010/04/18 12:33:52 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk

[2010/04/16 18:09:26 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 18:09:26 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 01:06:17 | 000,017,211 | ---- | M] () -- C:\Documents and Settings\Lucero\My Documents\Intrigued by Evil.docx

[2010/04/13 19:41:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2010/04/06 12:41:35 | 000,044,032 | -H-- | M] () -- C:\WINDOWS\System32\chkdmsg.dll

[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys

[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys

 

========== Files Created - No Company Name ==========

 

[2010/04/21 16:17:44 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Lucero\Desktop\Heroes of Newerth.lnk

[2010/04/19 19:16:28 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Lucero\Desktop\Google Chrome.lnk

[2010/04/19 19:15:35 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004UA.job

[2010/04/19 19:15:35 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-507921405-682003330-1004Core.job

[2010/04/16 18:09:28 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin

[2010/04/16 18:09:28 | 000,015,819 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwpn11.inf

[2010/04/16 18:09:28 | 000,008,263 | ---- | C] () -- C:\WINDOWS\System32\drivers\WPN111.cat

[2010/04/16 18:09:26 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 18:09:26 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 01:06:17 | 000,017,211 | ---- | C] () -- C:\Documents and Settings\Lucero\My Documents\Intrigued by Evil.docx

[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll

[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat

[2010/01/22 23:59:41 | 000,094,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/24 11:02:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\bdfvconp.ini

[2009/12/20 10:52:49 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2009/12/16 13:51:41 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2009/12/16 13:51:41 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Datauser_gensett.xml

[2009/12/08 16:45:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\housecall.guid.cache

[2009/09/01 22:20:45 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup.log

[2009/09/01 22:20:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lucero\Application Data\setup_ldm.iss

[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll

[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/09/17 14:13:14 | 003,012,068 | ---- | C] () -- C:\Documents and Settings\Lucero\ProductContext5600.log

[2008/09/16 13:05:28 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\fusioncache.dat

[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI

[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll

[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI

[2008/01/01 17:49:05 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2007/12/19 23:58:51 | 000,008,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/11/24 16:06:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/10/22 19:04:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/09/23 10:46:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat

[2007/09/23 10:46:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG

[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak

[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll

[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

[2007/09/04 16:45:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2007/09/04 16:45:13 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Lucero\ntuser.dat.LOG

[2007/09/04 16:45:12 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Conspire   

AyJ21, I almost forgot that you did not manage to run GMER. So once again, would you please run GMER under Safe Mode? If GMER still doesn't run under Safe Mode, try renaming it randomly and see what happens. If it still doesn't do the trick, come back to me. Sorry about that.

 

Reboot your computer in Safe Mode

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.
===================================================

 


Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

AyJ21   

Ran GMER, here's the log.

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-24 11:31:33

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Lucero\LOCALS~1\Temp\awtdrkod.sys

 

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Cdfs \Cdfs B870B400

 

---- EOF - GMER 1.0.15 ----

Conspire   

Hi,

 

Apologies for the delay.

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()
    
    :Files
    C:\WINDOWS\System32\chkdmsg.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

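A defender-side triage of the OTL entries in this thread, added here as an example and not code from OTL, from the thread or from either participant: it parses the MOD, O36 and timestamped file lines in the format shown above, flags the pattern the fix removed (an AppCertDlls DLL with no company name, hidden under %SystemRoot%), and then looks for other files created close to it in time. The sample lines, the 120-second window and the C:\WINDOWS system root are assumptions.

```python
"""Triage helper for pasted OTL logs (added example; not part of OTL or the thread).

It parses three of the entry formats that appear in the log above:
  MOD  - <path> (<company>)
  O36  - AppCertDlls: <name> - (<value>) - <path> (<company>)
  [<timestamp> | <size> | <attrs> | C|M] (<company>) -- <path>
and flags the pattern the fix removed: an AppCertDlls DLL with no company
name, hidden, under %SystemRoot%, plus any file created close to it in time.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a handful of lines in the OTL format, following the
# shape of the entries in the thread.
SAMPLE_OTL = r"""
MOD - C:\Documents and Settings\Lucero\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\chkdmsg.dll ()
O36 - AppCertDlls: cscrokup - (C:\WINDOWS\system32\chkdmsg.dll) - C:\WINDOWS\system32\chkdmsg.dll ()
[2010/04/06 12:41:35 | 000,044,032 | -H-- | C] () -- C:\WINDOWS\System32\chkdmsg.dll
[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
"""

MOD_RE = re.compile(r"^MOD - (?P<path>.+?) \((?P<company>[^()]*)\)$")
O36_RE = re.compile(
    r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<value>[^)]*)\) - "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^()]*)\) )?-- (?P<path>.+)$"
)
EXEC_EXT = (".dll", ".sys", ".exe")


def under_system_root(path):
    # %SystemRoot% is C:\WINDOWS on the machine in the thread (assumption for the example).
    return path.startswith("c:\\windows\\")


def triage(log_text, window=timedelta(seconds=120)):
    """Return {normalised path: [reasons]} for entries worth a closer look."""
    findings = defaultdict(list)
    created = []  # (timestamp, path) for every [C] file entry, flagged or not

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O36_RE.match(line)
        if m:
            p = m["path"].lower()
            # AppCertDlls DLLs are mapped into every process that calls
            # CreateProcess, so a legitimate entry is rare and always worth checking.
            findings[p].append(f"AppCertDlls value '{m['name']}' loads this DLL into every new process")
            if not m["company"]:
                findings[p].append("AppCertDlls DLL carries no company name")
            continue
        m = MOD_RE.match(line)
        if m:
            p = m["path"].lower()
            if not m["company"] and under_system_root(p):
                findings[p].append("module with no company name loaded from %SystemRoot%")
            continue
        m = FILE_RE.match(line)
        if m:
            p = m["path"].lower()
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            if m["kind"] == "C":
                created.append((ts, p))
            hidden = "H" in m["attrs"]
            # Heuristic, not proof: a hidden executable under %SystemRoot% with
            # no company name. Legitimate unsigned files exist; this only ranks.
            if not (m["company"] or "") and hidden and under_system_root(p) and p.endswith(EXEC_EXT):
                findings[p].append(f"hidden {p.rsplit('.', 1)[-1]} file with no company name ({m['ts']})")

    # Temporal proximity: files created within `window` of a flagged file's
    # creation are likely part of the same drop even if they look harmless.
    flagged_times = [ts for ts, p in created if p in findings]
    for ts, p in created:
        if p not in findings and any(abs(ts - ft) <= window for ft in flagged_times):
            findings[p].append(f"created within {int(window.total_seconds())}s of a flagged file")
    return dict(findings)


def report(findings):
    """Render findings, most reasons first, as plain text for a reply post."""
    lines = []
    for path, reasons in sorted(findings.items(), key=lambda kv: -len(kv[1])):
        lines.append(path)
        lines.extend(f"    - {r}" for r in reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_OTL)))
```

On the sample the DLL collects four reasons and the small .dat file in the NetworkService profile is pulled in only by the timing rule, which is the kind of lead a helper would then ask the poster to upload for analysis.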
AyJ21   

No worries, here they are.

 

OTL fix log:

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\cscrokup:C:\WINDOWS\system32\chkdmsg.dll deleted successfully.

C:\WINDOWS\system32\chkdmsg.dll moved successfully.

========== FILES ==========

File\Folder C:\WINDOWS\System32\chkdmsg.dll not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Lucero

->Temp folder emptied: 16164840 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 434 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 32778 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 104 bytes

 

OTL.Txt log:

 

OTL logfile created on: 4/29/2010 4:41:53 PM - Run 4

OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Lucero\My Documents

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.44 Gb Total Space | 0.60 Gb Free Space | 1.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.75 Mb Total Space | 47.51 Mb Free Space | 86.77% Space Free | Partition Type: FAT

Drive F: | 2.74 Gb Total Space | 0.25 Gb Free Space | 9.18% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAMILYCOMPUTER

Current User Name: Lucero

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Lucero\My Documents\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

PRC - C:\Documents and Settings\Lucero\Local Settings\Apps\2.0\Q2T3Z6QP.KPA\CL7917ZQ.BWB\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe (Curse)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\dxdiag.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

PRC - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

PRC - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Lucero\My Documents\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)

SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)

SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)

DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)

DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)

DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)

DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)

DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\wudfrd.sys.bak (Microsoft Corporation)

DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\wudfpf.sys.bak (Microsoft Corporation)

DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)

DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)

DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)

DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys.bak ()

DRV - (DNINDIS5) -- C:\WINDOWS\system32\dnindis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (EMU10K1) -- C:\WINDOWS\system32\drivers\emu10k1.sys.bak (Creative Technology Ltd.)

DRV - (CTSYN) -- C:\WINDOWS\System32\drivers\CTSYN.SYS (Creative Technology Ltd.)

DRV - (SFMAN) -- C:\WINDOWS\System32\drivers\SFMAN.SYS (Creative Technology Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:20:10 | 000,000,000 | ---D | M]

 

[2009/12/10 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Extensions

[2010/04/26 23:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions

[2009/12/10 17:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Profiles\vjeoup07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/26 22:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2009/08/21 20:10:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)

O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Documents and Settings\Lucero\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucero\Application Data\Mozilla\Firefox\Desktop Background.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/09/04 16:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]

O32 - AutoRun File - [2004/10/05 10:32:56 | 000,000,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]

O32 - AutoRun File - [2004/05/20 17:05:22 | 000,001,858 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2010/04/16 18:07:22 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\F\Shell\AutoRun\command - "" = setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/29 16:36:34 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lucero\My Documents\OTL.exe

[2010/04/27 16:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Opera

[2010/04/27 16:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Application Data\Opera

[2010/04/27 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2010/04/21 16:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\My Documents\Heroes of Newerth

[2010/04/21 16:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth

[2010/04/19 19:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Temp

[2010/04/19 19:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucero\Local Settings\Application Data\Google

[2010/04/19 18:55:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lucero\Recent

[2010/04/16 18:09:28 | 000,362,944 | ---- | C] (NETGEAR, Inc.) -- C:\WINDOWS\System32\drivers\WPN111.sys

[2010/04/16 18:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR

[2010/04/14 22:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/04/14 21:27:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys.bak

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/04/06 12:43:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010/04/06 12:43:22 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys

[2010/04/06 12:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/29 16:40:57 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/29 16:39:25 | 000,235,955 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/04/29 16:39:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/29 16:39:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/29 16:38:17 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Lucero\NTUSER.DAT

[2010/04/29 16:38:07 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv

[2010/04/29 16:38:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lucero\ntuser.ini

[2010/04/29 16:36:34 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucero\My Documents\OTL.exe

[2010/04/29 14:15:31 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Lucero\Application Dataprivacy.xml

[2010/04/29 01:17:34 | 003,772,424 | -H-- | M] () -- C:\Documents and Settings\Lucero\Local Settings\Application Data\IconCache.db

[2010/04/28 23:46:58 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/04/28 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/04/27 16:21:14 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/04/24 12:02:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/04/24 12:02:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/04/21 16:17:44 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Heroes of Newerth.lnk

[2010/04/20 23:19:35 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2010/04/18 12:33:52 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Lucero\Desktop\Microsoft Office Word 2007.lnk

[2010/04/16 18:09:26 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 18:09:26 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 01:06:17 | 000,017,211 | ---- | M] () -- C:\Documents and Settings\Lucero\My Documents\Intrigued by Evil.docx

[2010/04/13 19:41:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/07 22:03:37 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Lucero\Application DataProductTweaks.xml

[2010/04/03 13:17:48 | 000,110,984 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys

[2010/04/03 13:17:34 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys

 

========== Files Created - No Company Name ==========

 

[2010/04/27 16:21:13 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/04/24 10:53:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lucero\Desktop\gmer.exe

[2010/04/21 16:17:44 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Lucero\Desktop\Heroes of Newerth.lnk

[2010/04/16 18:09:28 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin

[2010/04/16 18:09:28 | 000,015,819 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwpn11.inf

[2010/04/16 18:09:28 | 000,008,263 | ---- | C] () -- C:\WINDOWS\System32\drivers\WPN111.cat

[2010/04/16 18:09:26 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 18:09:26 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk

[2010/04/16 01:06:17 | 000,017,211 | ---- | C] () -- C:\Documents and Settings\Lucero\My Documents\Intrigued by Evil.docx

[2010/04/06 12:41:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat

[2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll

[2008/11/15 20:33:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/01/21 12:11:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2008/01/21 12:10:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2008/01/21 12:10:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\CTDEL.INI

[2008/01/21 12:08:18 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll

[2008/01/21 12:08:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI

[2008/01/01 17:48:24 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/09/23 10:42:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/09/06 21:26:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2007/09/06 19:05:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2007/09/06 19:05:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007/09/04 16:58:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys.bak

[2007/09/04 16:53:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/09/04 16:48:11 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll

[2007/09/04 16:48:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

 

 

Total Files Cleaned = 16.00 mb

Conspire   

Great to hear that :tup:

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

 

Your log appears to be clean. :)

 

Do you have any questions or problems to ask? Please do not hesitate to do so. :)

 

 

Here are some tips to reduce the potential for spyware infection in the future:

  • Make your Internet Explorer More Secure
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialise and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running. This alone can save you a lot of trouble with malware in the future.

     

    See this link for a listing of some online and stand-alone antivirus programs:

     

    Virus, Spyware, and Malware Protection and Removal Resources

     

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

     

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

     

    For a tutorial on Firewalls and a listing of some available ones see the link below:

     

    Understanding and Using Firewalls

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     

  • Install Malwarebytes' Anti-Malware - This is another good tool to be used on a regular basis to minimize the risk of getting infected badly, and always be sure to remember to update the file definitions prior to scanning.

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

     

    Using SpywareBlaster to protect your computer from Spyware and Malware

     

  • Consider a custom hosts file such as MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    For information on how to download and install, please read this tutorial by WinHelp2002

    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

     

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Please also read Tony Klein's excellent article:

How I got Infected in the First Place

 

Follow this list and your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

**Please respond one more time to ensure it is resolved.

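The Internet Explorer steps in the tips above correspond to per-zone registry values, which is how you check them on several machines without clicking through the dialog on each. As an added example, not part of this post and not a Microsoft tool, here is a Python script that audits those values and renders a .reg file applying the recommended ones. The URL-action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the 0 = Enable / 1 = Prompt / 3 = Disable encoding are Internet Explorer's documented zone settings; the `reg query` output used as input is constructed for the example (on a real machine, run `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" > zone3.txt` and feed that file to `parse_reg_query`).

```python
import re

# Internet Explorer keeps per-zone settings as DWORD values under the zone key;
# zone 3 is the Internet zone. Each value is named by a hex "URL action" ID and
# holds 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# URL action ID -> (setting name as shown in the IE dialog, value the tips recommend)
RECOMMENDED = {
    0x1001: ("Download signed ActiveX controls", PROMPT),
    0x1004: ("Download unsigned ActiveX controls", DISABLE),
    0x1201: ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    0x1800: ("Installation of desktop items", PROMPT),
    0x1804: ("Launching programs and files in an IFRAME", PROMPT),
    0x1607: ("Navigate sub-frames across different domains", PROMPT),
}

# Matches the value lines of `reg query` output:  <hex name>  REG_DWORD  0x<hex>
VALUE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(text):
    """Turn `reg query ...\\Zones\\3` output into {action_id: value}."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[int(m.group(1), 16)] = int(m.group(2), 16)
    return values


def audit(current):
    """Return [(action_id, name, current_value_or_None, recommended)] for every
    recommended action that is absent or more permissive than recommended.
    Lower numbers are more permissive (0 Enable < 1 Prompt < 3 Disable), so a
    value already set to Disable where Prompt is recommended is left alone."""
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have is None or have < wanted:
            findings.append((action, name, have, wanted))
    return findings


def reg_file(findings):
    """Render a .reg file that sets the recommended value for each finding.
    Apply it with `reg import harden_ie.reg` (or by double-clicking it)."""
    out = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for action, name, have, wanted in findings:
        was = "missing" if have is None else LEVEL.get(have, str(have))
        out.append(f"; {name}: {was} -> {LEVEL[wanted]}")
        out.append(f'"{action:04X}"=dword:{wanted:08x}')
    return "\r\n".join(out) + "\r\n"


# Constructed sample of `reg query` output for a loosened Internet zone:
# signed ActiveX downloads, unsafe-ActiveX scripting and IFRAME launches all
# set to Enable, and 1607 (sub-frame navigation) not set at all.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x0
    1800    REG_DWORD    0x1
    1804    REG_DWORD    0x0
"""

if __name__ == "__main__":
    findings = audit(parse_reg_query(SAMPLE_REG_QUERY))
    for action, name, have, wanted in findings:
        print(f"{action:04X} {name}: {have} -> {LEVEL[wanted]}")
    print(reg_file(findings))
```

On the constructed sample the audit reports four of the six settings (1001, 1201 and 1804 are Enable, and 1607 is unset) and the generated .reg file touches only those, leaving values that are already at or stricter than the recommendation untouched. A missing value is treated as a finding because it means the zone template's default applies rather than an explicit hardening.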