
Nasty Virus!

Discussion in 'Virus & Other Malware Removal' started by danielstern96, Aug 16, 2011.

  1. danielstern96

    danielstern96 Thread Starter

    Joined:
    Aug 16, 2011
    Messages:
    44
    Great! Thank you sooo much for everything. Your help was greatly appreciated. :)

    I have sooo many questions now. I was wondering if maybe you could answer a few of them.
    1) Do you like helping out like this? What got you involved?
    2) Is it difficult? Do you think a 15-year-old would be able to go through a course like you did?
     
  2. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi danielstern,

    Glad to hear the system is running better!! :)

    Personally I love helping people with their computer problems. I actually got involved doing this about a year ago now after I had a similar problem on my system. I was helped with my system and I asked how someone goes about learning this and I was guided to where to learn. :)

    The course, as I have said, takes time and commitment. I have been in it almost a year, day in, day out. It IS challenging, but I had very little background in anything more than what an average user might have, so I would wager that the more experience with computers you have going in, the more familiar you might be with what is shown. In relation to age... I am not sure that matters, but I don't know for sure.
    ----------

    I see from your last OTL log that we still have some work to do. That was a really nasty piece of malware that we have been removing, so this may take a little bit longer than normal, but we are definitely looking better.
    ----------

    Run OTL.exe

    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk = File not found
      O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\KeyPad.lnk = File not found
      O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\PdaNet Desktop.lnk = File not found
      O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\Xfire.lnk = File not found
      [2011/08/13 17:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo
      [2011/09/09 17:14:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
      [2011/08/13 22:49:42 | 000,517,328 | ---- | M] () -- C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg
      [2011/08/13 17:44:48 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
      [2011/08/13 22:49:37 | 000,517,328 | ---- | C] () -- C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • A log will be created; then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
     
  3. danielstern96

    danielstern96 Thread Starter

    Joined:
    Aug 16, 2011
    Messages:
    44
    After fix:


    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk moved successfully.
    C:\Documents and Settings\dan\Start Menu\Programs\Startup\KeyPad.lnk moved successfully.
    C:\Documents and Settings\dan\Start Menu\Programs\Startup\PdaNet Desktop.lnk moved successfully.
    C:\Documents and Settings\dan\Start Menu\Programs\Startup\Xfire.lnk moved successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo folder moved successfully.
    C:\WINDOWS\system32\drivers\logiflt.iad moved successfully.
    C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg moved successfully.
    C:\Documents and Settings\All Users\Desktop\ooVoo.lnk moved successfully.
    File C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Application Data

    User: cs

    User: dan
    ->Temp folder emptied: 11630428 bytes
    ->Temporary Internet Files folder emptied: 892380 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 352251265 bytes
    ->Flash cache emptied: 2586 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 627675 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 349.00 mb


    OTL by OldTimer - Version 3.2.26.5 log created on 09102011_100858

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
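A practitioner reading the two posts above would want to confirm that every target in the fix produced a matching result line, and to see why the last result reads "not found". The Python below is an added example for this thread, not OTL's own code and not something either poster ran. It reconciles the :OTL section of jeffce's fix with the result log that followed, matching paths case-insensitively because OTL wrote System32 in the fix and system32 in the result. The two string constants are lines copied from the posts (the [emptytemp] output is left out); the regular expressions and the matching logic are the added illustration.

```python
"""Reconcile an OTL fix script with the log OTL writes after running it.

Added example for this thread: not OTL's own code and not run by the posters.
FIX_SCRIPT and RESULT_LOG are lines copied from the two posts above; the
matching is an illustration of how to check that every fix target produced a
result line, and how a target listed twice shows up as "moved" then "not found".
"""
import re

FIX_SCRIPT = r"""
:Services

:OTL
O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk = File not found
O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\KeyPad.lnk = File not found
[2011/08/13 17:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo
[2011/09/09 17:14:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/08/13 22:49:42 | 000,517,328 | ---- | M] () -- C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg
[2011/08/13 22:49:37 | 000,517,328 | ---- | C] () -- C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg

:Commands
[emptytemp]
[Reboot]
"""

RESULT_LOG = r"""
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Documents and Settings\dan\Start Menu\Programs\Startup\fliptoast.lnk moved successfully.
C:\Documents and Settings\dan\Start Menu\Programs\Startup\KeyPad.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo folder moved successfully.
C:\WINDOWS\system32\drivers\logiflt.iad moved successfully.
C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg moved successfully.
File C:\Documents and Settings\dan\My Documents\cc_20110813_224934.reg not found.
========== COMMANDS ==========
"""

# A :OTL fix line is either an O4 entry whose target sits before " = File not found",
# or a bracketed file/folder entry whose path follows " -- ".
O4_LINE = re.compile(r"^O4 - [^:]+: (?P<path>.+?) = File not found$")
FILE_LINE = re.compile(r"^\[[^\]]*\] (?:\([^)]*\) )?-- (?P<path>.+)$")
# Result lines: "<path> moved successfully.", "<path> folder moved successfully."
# or "File <path> not found." (a file literally named "... folder" would be ambiguous).
RESULT_LINE = re.compile(
    r"^(?:File (?P<missing>.+) not found\.|(?P<moved>.+?)(?: folder)? moved successfully\.)$"
)


def fix_targets(script):
    """Return the target paths named in the :OTL section, in order, duplicates kept."""
    targets, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :OTL or :Commands
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        m = O4_LINE.match(line) or FILE_LINE.match(line)
        if m:
            targets.append(m["path"])
    return targets


def result_events(log):
    """Return (path, status) pairs from the result log, in the order OTL wrote them."""
    events = []
    for raw in log.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if m:
            events.append((m["missing"], "not found") if m["missing"] else (m["moved"], "moved"))
    return events


def reconcile(script, log):
    """Pair each fix target with the next unconsumed result line for that path.

    Paths are compared case-insensitively (Windows paths; OTL itself varies the case).
    A target listed twice consumes two result lines, so the second outcome is visible.
    """
    pending = {}
    for path, status in result_events(log):
        pending.setdefault(path.lower(), []).append(status)
    report = []
    for target in fix_targets(script):
        queue = pending.get(target.lower(), [])
        report.append((target, queue.pop(0) if queue else "no result line"))
    return report


if __name__ == "__main__":
    for target, status in reconcile(FIX_SCRIPT, RESULT_LOG):
        print(f"{status:14s} {target}")
```

The cc_20110813_224934.reg file appears twice in the fix, once from OTL's "Modified" list and once from its "Created" list, so OTL moved it on the first line and reported it not found on the second; the reconciliation shows that as one "moved" and one "not found" for the same path, which is expected rather than a failure. Any target that ends up as "no result line" is the one worth chasing.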
     
  4. danielstern96

    danielstern96 Thread Starter

    Joined:
    Aug 16, 2011
    Messages:
    44
    After new scan:


    OTL logfile created on: 9/10/2011 10:13:09 AM - Run 3
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\dan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.89% Memory free
    3.84 Gb Paging File | 2.92 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 141.80 Gb Total Space | 44.32 Gb Free Space | 31.25% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER1 | User Name: dan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Documents and Settings\dan\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    PRC - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
    PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\SurfSecret PrivacyVaults\PriVault.exe (SurfSecret, LLC)
    PRC - C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
    PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
    PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
    PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
    PRC - C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
    MOD - C:\Program Files\Steam\bin\libcef.dll ()
    MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
    MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
    MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
    MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\avutil-50.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\avformat-52.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\avcodec-52.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
    MOD - C:\Program Files\AIM\nssckbi.dll ()
    MOD - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerHook.dll ()
    MOD - C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
    MOD - C:\Program Files\LogMeIn\x86\ICSAgent32.dll ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll ()
    MOD - C:\WINDOWS\system32\lxdndrs.dll ()
    MOD - C:\WINDOWS\system32\lxdncaps.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
    MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
    MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    MOD - C:\Program Files\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll ()
    MOD - C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless4001.dll ()
    MOD - C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless.dll ()
    MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
    MOD - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe ()
    MOD - C:\Program Files\Common Files\logishrd\LComMgr\DevMngr.dll ()
    MOD - C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
    MOD - C:\WINDOWS\system32\lxdncnv4.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
    MOD - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
    MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
    MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
    MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
    MOD - C:\Program Files\PDF-XChange 3 Pro\pdfSaver\fm30xmf.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (McComponentHostService) -- File not found
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe ()
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (lxdn_device) -- C:\WINDOWS\System32\lxdncoms.exe ( )
    SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (WUSB54GCv3) -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys (Ralink Technology, Corp.)
    DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (shwMirror) -- C:\WINDOWS\system32\drivers\shwMirror.sys (Windows (R) Server 2003 DDK provider)
    DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 0F A5 3D A0 B6 CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)


    [2011/02/06 19:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dan\Application Data\Mozilla\Extensions
    [2011/09/04 22:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2011/09/09 15:56:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\dan\Desktop\Unlocker\UnlockerAssistant.exe ()
    O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [SurfSecret Privacy Vaults] C:\Program Files\SurfSecret PrivacyVaults\PriVault.exe (SurfSecret, LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243980282796 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243980267452 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Security Packages - (Lsa) - File not found
    O30 - LSA: Security Packages - (ity Packages settings...) - File not found
    O30 - LSA: Security Packages - (or) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/02 17:44:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/09 15:56:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/09/09 15:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
    [2011/09/09 15:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2011/09/06 19:03:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/09/06 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/06 19:03:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/06 16:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/09/06 16:07:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2011/09/05 23:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/09/04 22:39:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/04 22:34:02 | 004,194,092 | R--- | C] (Swearware) -- C:\Documents and Settings\dan\Desktop\ComboFix.exe
    [2011/08/31 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\My Documents\YouTube Downloader
    [2011/08/31 13:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader.org
    [2011/08/24 03:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/08/19 15:27:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/08/18 15:16:30 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dan\Desktop\OTL.exe
    [2011/08/13 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/13 22:50:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dan\Recent
    [2011/08/13 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Local Settings\Application Data\antiphishing-webblog1_1dn
    [2011/08/13 16:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    [2011/08/13 16:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
    [2011/08/13 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\FileHunter
    [2011/08/12 18:36:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/08/11 18:20:34 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/08/11 18:19:18 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [2011/05/11 23:01:13 | 003,325,832 | ---- | C] (Ask) -- C:\Program Files\Common Files\APNToolbarInstaller.exe
    [2011/05/11 23:01:13 | 000,108,424 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\APNStub.exe
    [2009/10/20 18:59:04 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll
    [2009/06/02 18:14:53 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
    [2009/06/02 18:14:53 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
    [2009/06/02 18:14:53 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
    [2009/06/02 18:14:53 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
    [2009/06/02 18:14:53 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
    [2009/06/02 18:14:53 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
    [2009/06/02 18:14:53 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
    [2009/06/02 18:14:53 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
    [2009/06/02 18:14:53 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
    [2009/06/02 18:14:53 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
    [2009/06/02 18:14:53 | 000,381,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
    [2009/06/02 18:14:53 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
    [2009/06/02 18:14:53 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
    [2009/06/02 18:14:53 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
    [2009/06/02 18:14:53 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
    [2007/11/28 16:19:08 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
    [2007/11/28 16:16:04 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
    [2007/11/28 16:13:38 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
     
  5. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi danielstern96,

    IT APPEARS THAT YOUR LOGS ARE NOW CLEAN, SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!!

    This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
    ----------

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
    (Note: There is a space between the ..X and the /U that needs to be there.)

    ----------

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    ----------

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

    Here are some tips to reduce the potential for spyware infection in the future:

    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
    • Open Internet Explorer
    • Click on Tools > Internet Options
    • Press Security tab
    • Select Internet zone then place a check next to Enable Protected Mode if not already done
    • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
    • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

    3. Use and Update an Anti-Virus Software - I cannot overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

    4. Firewall
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
    **Do not install more than one firewall program because they will conflict with each other**

    5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

    6. Filehippo's Update Checker. It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they include a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

    7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial by WinHelp2002.
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

    8. WOT (Web of Trust). As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

    9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    10. Finally, I strongly recommend that you read TonyKlein's good advice: "So how did I get infected in the first place?"


    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
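    As an added example (not part of jeffce's post or of the tools used in this thread), here is a PowerShell check that reads the per-user Internet-zone registry values behind the settings in tips 1 and 2 and reports which ones still differ from the recommended state. The URL-action IDs (1001, 1004, 1201, 1800, 1804, 1607, 2500) are Microsoft's documented zone registry entries; the mapping of each dialog label to an ID and to a target value (0 = Enable, 1 = Prompt, 3 = Disable) is this example's own assumption, and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the original thread: audit the IE Internet zone
# (zone 3) for the settings tips 1 and 2 tell the reader to change.
# Values: 0 = Enable, 1 = Prompt, 3 = Disable. A missing value means the
# zone template default applies, which this script cannot see.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Assumed mapping of the dialog wording in the post to URL-action IDs and
# the value each step asks for.
$Desired = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';              Want = 1 },
    @{ Id = '2500'; Setting = 'Protected Mode (tip 2; 0 = on; Vista/7 only)';             Want = 0 }
)

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValueLabel([object]$Value) {
    # Turn a raw DWORD into the wording the Security tab shows.
    if ($null -eq $Value) { return '(not set - zone default applies)' }
    if ($Label.ContainsKey([int]$Value)) { return "$Value ($($Label[[int]$Value]))" }
    return "$Value (unexpected)"
}

function Test-IEInternetZone {
    if (-not (Test-Path $ZoneKey)) {
        Write-Warning "Zone key not found: $ZoneKey"
        return
    }
    # If Security_HKLM_only is set, IE ignores the per-user zone values and
    # uses the HKLM copy instead, so this per-user audit is not authoritative.
    $settingsKey = Split-Path (Split-Path $ZoneKey -Parent) -Parent
    $hklmOnly = (Get-ItemProperty -Path $settingsKey -ErrorAction SilentlyContinue).Security_HKLM_only
    if ($hklmOnly -eq 1) {
        Write-Warning 'Security_HKLM_only is set; machine-wide zone settings take precedence.'
    }

    $props = Get-ItemProperty -Path $ZoneKey
    foreach ($d in $Desired) {
        $current = $props.($d.Id)
        $status = if ($null -eq $current) { 'NOT SET' }
                  elseif ([int]$current -eq $d.Want) { 'OK' }
                  else { 'CHANGE' }
        New-Object PSObject -Property @{
            Id      = $d.Id
            Setting = $d.Setting
            Current = Get-ZoneValueLabel $current
            Desired = "$($d.Want) ($($Label[$d.Want]))"
            Status  = $status
        }
    }
}

Test-IEInternetZone | Select-Object Id, Setting, Current, Desired, Status | Format-Table -AutoSize
```

    Rows marked CHANGE or NOT SET are the ones still worth revisiting in Tools > Internet Options > Security > Custom Level; the script only reads, it never writes to the registry.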
     
  6. danielstern96

    danielstern96 Thread Starter

    Joined:
    Aug 16, 2011
    Messages:
    44
    i am more than satisfied. THANK YOU! :)
     
  7. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    You are quite welcome!! :)
     
  8. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Since this topic seems to be resolved I will be unsubscribing from this thread. Glad that we could be of help.
     
Short URL to this thread: https://techguy.org/1012740