Solved: Nasty Virus!


danielstern96
Member with 44 posts.
THREAD STARTER
Join Date: Aug 2011
09-Sep-2011, 08:16 PM #46
Great! Thank you sooo much for everything. Your help was greatly appreciated.

I have sooo many questions now. I was wondering if maybe you could answer a few of them.
1) Do you like helping out like this? What got you involved?
2) Is it difficult? Do you think a 15-year-old would be able to go through a course like you did?
jeffce (Jeff), authorized to help remove malware
Malware Removal Specialist with 1,727 posts.
Join Date: May 2011
10-Sep-2011, 06:28 AM #47
Hi danielstern,

Glad to hear the system is running better!!

Quote:
do you like helping out like this? what got you involved?
Personally, I love helping people with their computer problems. I actually got involved doing this about a year ago now, after I had a similar problem on my system. I was helped with my system, and I asked how someone goes about learning this and was guided to where to learn.

Quote:
is it difficult? do you think a 15 year old would be able to go through a course like you did?
The course, as I have said, takes time and commitment. I have been in it almost a year, day in, day out. It IS challenging, but I had very little background beyond what an average user might have, so I would wager that the more experience with computers you have going in, the more familiar what is shown might be. In relation to age... I am not sure that matters, but I don't know for sure.
----------

I see from your last OTL log that we still have some work to do. That was a really nasty piece of malware that we have been removing so this may take a little bit longer than normal, but we are definitely looking better.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services
    
    :OTL
    O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk = File not found
    O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\KeyPad.lnk = File not found
    O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\PdaNet Desktop.lnk = File not found
    O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\Xfire.lnk = File not found
    [2011/08/13 17:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo
    [2011/09/09 17:14:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/08/13 22:49:42 | 000,517,328 | ---- | M] () -- C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg
    [2011/08/13 17:44:48 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
    [2011/08/13 22:49:37 | 000,517,328 | ---- | C] () -- C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • A log will be created; then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
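The fix above works by pasting log lines back into OTL: the four O4 Startup entries end in "File not found", which means a shortcut still sits in the Startup folder but whatever it pointed at is gone, and OTL moves such entries out when they appear under :OTL. The following is an added example of mine (not OTL's code and not posted by either participant) that parses the entry formats visible in the logs of this thread (PRC, MOD, SRV, DRV, O4 and O30 lines) and pulls out the two things a helper scans a log for first: entries whose target is "File not found" and entries carrying no company name. The line formats are inferred from the visible log, not from an OTL specification; the Finding/triage names are mine; the sample log is a constructed subset of lines copied from post #49, and the "Program Files (x86)" path used to exercise the parser is made up.

```python
"""Triage helper for OTL scan logs (added example; not OTL's own code)."""
import re
from dataclasses import dataclass

NOT_FOUND = "File not found"

# Constructed sample: a subset of lines copied from the OTL log posted in this
# thread, in the order the sections appear there. It is not a complete log.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Steam\bin\libcef.dll ()
========== Win32 Services (SafeList) ==========
SRV - (McComponentHostService) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
========== Standard Registry (SafeList) ==========
O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk = File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O30 - LSA: Security Packages - (Lsa) - File not found
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
ENTRY_RE = re.compile(r"^(?P<tag>PRC|MOD|SRV|DRV|O4|O30) - (?P<body>.+)$")
# SRV/DRV bodies look like "(ServiceName) optional description -- <path> (<company>)"
SRV_DRV_BODY_RE = re.compile(r"^\((?P<name>[^)]*)\).*? -- (?P<rest>.+)$")
# O4 bodies look like "<location>: [optional value name] <path> (<company>)"
O4_BODY_RE = re.compile(r"^(?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # log section header the line sits under
    line: str     # the OTL line, verbatim, so it can be pasted into a fix
    reason: str   # why it was flagged


def split_path_company(s: str) -> tuple[str, str]:
    """Split '<path> (<company>)' at the last balanced parenthesised group.

    OTL prints '()' or '( )' for a missing company name, and paths such as
    'Program Files (x86)' contain parentheses, so scan backwards and balance."""
    if not s.endswith(")"):
        return s, ""
    depth = 0
    for i in range(len(s) - 1, -1, -1):
        if s[i] == ")":
            depth += 1
        elif s[i] == "(":
            depth -= 1
            if depth == 0:
                return s[:i].rstrip(), s[i + 1:-1].strip()
    return s, ""


def target_and_company(tag: str, body: str) -> tuple[str, str]:
    """Reduce an entry body to its (target path, company) pair."""
    if tag in ("SRV", "DRV"):
        m = SRV_DRV_BODY_RE.match(body)
        body = m.group("rest") if m else body
    elif tag == "O4":
        m = O4_BODY_RE.match(body)
        body = m.group("rest") if m else body
    return split_path_company(body)


def triage(log_text: str) -> list[Finding]:
    """Flag orphaned entries (target missing) and entries with no company name.

    Both are review prompts, not verdicts: the no-company entries in this
    thread's log are mostly printer and webcam utilities."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        if body.endswith(NOT_FOUND):
            findings.append(Finding(section, line, "orphaned entry: target " + NOT_FOUND))
        elif tag != "O30":  # O30 LSA lines carry no path/company pair to split
            target, company = target_and_company(tag, body)
            if target and not company:
                findings.append(Finding(section, line, "no company name: " + target))
    return findings


def orphaned_lines(findings: list[Finding]) -> list[str]:
    """Verbatim lines whose target is missing; the form pasted under :OTL after review."""
    return [f.line for f in findings if f.reason.startswith("orphaned")]
```

Run `triage(SAMPLE_LOG)` and the orphaned entries come back as the verbatim log lines, which is exactly the form the fix script above uses; the no-company entries are a reading aid only, and in this thread most of them are Dell printer and Logitech webcam components that were left alone.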
danielstern96
Member with 44 posts.
THREAD STARTER
Join Date: Aug 2011
10-Sep-2011, 09:12 AM #48
After fix:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk moved successfully.
C:\Documents and Settings\dan\Start Menu\Programs\Startup\KeyPad.lnk moved successfully.
C:\Documents and Settings\dan\Start Menu\Programs\Startup\PdaNet Desktop.lnk moved successfully.
C:\Documents and Settings\dan\Start Menu\Programs\Startup\Xfire.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo folder moved successfully.
C:\WINDOWS\system32\drivers\logiflt.iad moved successfully.
C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg moved successfully.
C:\Documents and Settings\All Users\Desktop\ooVoo.lnk moved successfully.
File C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Application Data

User: cs

User: dan
->Temp folder emptied: 11630428 bytes
->Temporary Internet Files folder emptied: 892380 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 352251265 bytes
->Flash cache emptied: 2586 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 627675 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 349.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 09102011_100858

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
danielstern96
Member with 44 posts.
THREAD STARTER
Join Date: Aug 2011
10-Sep-2011, 09:17 AM #49
After new scan:


OTL logfile created on: 9/10/2011 10:13:09 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.89% Memory free
3.84 Gb Paging File | 2.92 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.80 Gb Total Space | 44.32 Gb Free Space | 31.25% Space Free | Partition Type: NTFS

Computer Name: COMPUTER1 | User Name: dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\dan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\SurfSecret PrivacyVaults\PriVault.exe (SurfSecret, LLC)
PRC - C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\avutil-50.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\avformat-52.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\avcodec-52.dll ()
MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\AIM\nssckbi.dll ()
MOD - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerHook.dll ()
MOD - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\LogMeIn\x86\ICSAgent32.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll ()
MOD - C:\WINDOWS\system32\lxdndrs.dll ()
MOD - C:\WINDOWS\system32\lxdncaps.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MOD - C:\Program Files\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll ()
MOD - C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless4001.dll ()
MOD - C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless.dll ()
MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
MOD - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe ()
MOD - C:\Program Files\Common Files\logishrd\LComMgr\DevMngr.dll ()
MOD - C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\WINDOWS\system32\lxdncnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\PDF-XChange 3 Pro\pdfSaver\fm30xmf.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe ()
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (lxdn_device) -- C:\WINDOWS\System32\lxdncoms.exe ( )
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (WUSB54GCv3) -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys (Ralink Technology, Corp.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (shwMirror) -- C:\WINDOWS\system32\drivers\shwMirror.sys (Windows (R) Server 2003 DDK provider)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 0F A5 3D A0 B6 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)


[2011/02/06 19:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dan\Application Data\Mozilla\Extensions
[2011/09/04 22:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/09/09 15:56:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [SurfSecret Privacy Vaults] C:\Program Files\SurfSecret PrivacyVaults\PriVault.exe (SurfSecret, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1243980282796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1243980267452 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (Lsa) - File not found
O30 - LSA: Security Packages - (ity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/02 17:44:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 15:56:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/09 15:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/09/09 15:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/09/06 19:03:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/06 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 19:03:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/06 16:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/06 16:07:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/05 23:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/04 22:39:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/04 22:34:02 | 004,194,092 | R--- | C] (Swearware) -- C:\Documents and Settings\dan\Desktop\ComboFix.exe
[2011/08/31 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\My Documents\YouTube Downloader
[2011/08/31 13:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader.org
[2011/08/24 03:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/08/19 15:27:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/18 15:16:30 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dan\Desktop\OTL.exe
[2011/08/13 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/13 22:50:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dan\Recent
[2011/08/13 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Local Settings\Application Data\antiphishing-webblog1_1dn
[2011/08/13 16:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/08/13 16:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/08/13 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\FileHunter
[2011/08/12 18:36:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/11 18:20:34 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 18:19:18 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/05/11 23:01:13 | 003,325,832 | ---- | C] (Ask) -- C:\Program Files\Common Files\APNToolbarInstaller.exe
[2011/05/11 23:01:13 | 000,108,424 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\APNStub.exe
[2009/10/20 18:59:04 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll
[2009/06/02 18:14:53 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2009/06/02 18:14:53 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2009/06/02 18:14:53 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2009/06/02 18:14:53 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2009/06/02 18:14:53 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2009/06/02 18:14:53 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2009/06/02 18:14:53 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2009/06/02 18:14:53 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2009/06/02 18:14:53 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2009/06/02 18:14:53 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2009/06/02 18:14:53 | 000,381,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2009/06/02 18:14:53 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2009/06/02 18:14:53 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2009/06/02 18:14:53 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2009/06/02 18:14:53 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/11/28 16:19:08 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2007/11/28 16:16:04 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2007/11/28 16:13:38 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2007/11/28 16:13:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2007/11/28 16:13:22 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2007/11/28 16:13:08 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2007/11/28 16:12:54 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2007/11/28 16:12:40 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2007/11/28 16:12:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2007/11/28 16:12:08 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2007/11/28 16:11:48 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2007/11/28 16:10:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2007/11/28 16:09:18 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll

========== Files - Modified Within 30 Days ==========

[2011/09/10 10:12:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 10:11:03 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/10 10:10:09 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/10 10:09:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
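The OTL "Files Created/Modified" lines posted in this thread share one fixed layout. As an added example (not code from the thread, from jeffce, or from the OTL tool), here is a small Python parser for that layout with a few defender-side triage rules a reviewer might apply before reading such a log by hand: a recently changed Hosts file, hidden+system files sitting in the drive root, and recent binaries OTL reports with no company name. The sample lines, the `SINCE` cutoff and the flag rules are constructed for illustration and are not OTL's own logic.

```python
import re
from collections import namedtuple
from datetime import datetime

# Layout of an OTL "Files Created/Modified" line as posted in this thread:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHS-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# attrs: R/H/S flags with '-' when unset; kind: 'C' created or 'M' modified;
# company is empty when OTL found no company name in the file's version info.
OtlEntry = namedtuple("OtlEntry", "ts size attrs kind company path")

def parse_otl_line(line):
    """Parse one report line; None for section headers, blanks and '< End of report >'."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    m["company"], m["path"])

def review_flags(entry, since):
    """Constructed triage rules: reasons a reviewer should look at this entry."""
    low = entry.path.lower()
    reasons = []
    if low.endswith(r"\drivers\etc\hosts") and entry.ts >= since:
        reasons.append("hosts file changed recently")
    if "H" in entry.attrs and "S" in entry.attrs and low.count("\\") == 1:
        reasons.append("hidden+system file in drive root")
    if low.endswith((".exe", ".dll", ".sys")) and not entry.company and entry.ts >= since:
        reasons.append("recent binary with no company name")
    return reasons

def triage(log_text, since):
    """Map path -> reasons for every parsable line that trips at least one rule."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry and (reasons := review_flags(entry, since)):
            flagged[entry.path] = reasons
    return flagged

# Constructed sample in OTL's layout (not the log posted in this thread).
SAMPLE_LOG = r"""
[2011/09/09 15:56:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/08 01:02:03 | 000,040,960 | -HS- | C] () -- C:\sample.dat
[2011/09/07 12:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\example.dll
[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2009/06/02 18:15:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\old.dll
< End of report >
"""
SINCE = datetime(2011, 9, 1)  # assumed start of the incident window
```

Calling `triage(SAMPLE_LOG, SINCE)` returns only the three entries that trip a rule; the flags are prompts for a human reviewer, not verdicts, since plenty of legitimate files also carry no company name.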
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware. Join Date: May 2011
10-Sep-2011, 09:58 AM #50
Hi danielstern96,

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!!

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
(Note: There is a space between the ..X and the /U that needs to be there.)


----------

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and Update an Anti-Virus Software - I cannot overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
**Do not install more than one firewall program because they will conflict with each other**

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Filehippo's Update Checker. It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they include a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

8. WOT (Web of Trust). As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware

10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?


Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
danielstern96, Member with 44 posts, THREAD STARTER. Join Date: Aug 2011
10-Sep-2011, 10:33 AM #51
i am more than satisfied. THANK YOU!
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware. Join Date: May 2011
10-Sep-2011, 10:40 AM #52
You are quite welcome!!
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware. Join Date: May 2011
10-Sep-2011, 12:42 PM #53
Since this topic seems to be resolved I will be unsubscribing from this thread. Glad that we could be of help.
Tags
computer, malware, trojan, virus, worm