
Themida error when opening Fraps [Solved]



#31
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
The files that are going to be deleted are the infected and bad files only, so if your game files are ok you shouldn't be worrying.

SalityKiller did some restoring for your registry, but all your programs should work fine. Let me know if you are having problems running any.

Proceed with Dr.Web CureIt!
  • 0



#32
erikc4l

    Member

  • Topic Starter
  • 116 posts
I have already posted the Dr.Web CureIt but it was on a MediaFire link because I don't have Microsoft Excel installed, if that's fine with you. I also have a question: how can I turn off User Account Control (UAC)? I think Sality turned it back on, because if I go to the Control Panel it tells me that it's already turned off.
  • 0

#33
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
From Control Panel, try turning it on, as it states it's "off", then turn it back off.

Though you'd be better off keeping it working.
  • 0

#34
erikc4l

    Member

  • Topic Starter
  • 116 posts
Okay, but have you seen the Dr.Web CureIt log yet? It's found here because I couldn't open it since I don't have Microsoft Excel. http://www.mediafire.com/?ntzyyoktuye
  • 0

#35
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Yes, I have seen the log.

How is your computer running?
  • 0

#36
erikc4l

    Member

  • Topic Starter
  • 116 posts
It is fine but whenever I log on to my computer it always says that something similar to this "HPHC_Scheduler.exe is not working" and I think that file is still infected because when I did drweb cureit it was listed in the infected files and drweb said it was cured but it still shows the message. Also it stands for HP Health Check. My computer is running just like any other computer since when I got the virus nothing was really changed. Thanks for replying.
  • 0

#37
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
I would recommend that you uninstall all HP components and reinstall them to make sure all files are working properly.
  • 0

#38
erikc4l

    Member

  • Topic Starter
  • 116 posts
How would I do that as I can't even do a system reformat because of a virus I had before? Could you please help me out as soon as possible? I'm trying to play a game and I can't play because of the virus.
  • 0

#39
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Don't you have the HP installation CD?

Which game is not working for you? Was it working before?
  • 0

#40
erikc4l

    Member

  • Topic Starter
  • 116 posts
No, I don't have any of the installation CDs as I bought it from a store and they didn't give me any CDs. The game that isn't working is Sudden Attack (http://suddenattack.gamehi.com/). The game works but it gives a certain error in the game about the files being modified or something in which I have not modified the files as I just installed it yesterday. But as I went and looked at the FAQ, one of the options said that the game's analysis might detect a virus on my computer so it closes the game.
  • 0



#41
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#42
erikc4l

    Member

  • Topic Starter
  • 116 posts
OTL logfile created on: 4/18/2010 12:30:06 AM - Run 10
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erik Tran\Desktop\GeekstoGo
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 155.14 Gb Free Space | 69.88% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIKTRAN-PC
Current User Name: Erik Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/08 20:19:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\GeekstoGo\OTL.exe
PRC - [2010/03/08 14:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/11/20 16:46:32 | 000,175,888 | ---- | M] () -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2009/11/12 17:33:04 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/05 11:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/05 11:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\GeekstoGo\OTL.exe
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/01/06 09:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allkpop.c...category/music"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 20:19:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 18:08:29 | 000,000,000 | ---D | M]

[2009/12/13 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Extensions
[2010/04/17 16:15:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions
[2010/01/16 14:54:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/16 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/01/12 17:59:02 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}(97)
[2010/02/03 17:45:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 16:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/14 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\[email protected]
[2009/12/13 12:23:24 | 000,002,283 | ---- | M] () -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\searchplugins\aol-search.xml
[2010/04/17 16:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2010/03/27 13:08:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/17 16:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\GameHi_USA
[2010/04/16 16:31:16 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\Kamuse
[2010/04/16 15:02:39 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\Topblast
[2010/04/15 23:07:17 | 000,000,000 | ---D | C] -- C:\pb
[2010/04/15 22:43:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Documents\³Ø½¼ Ç÷¯±×
[2010/04/15 22:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/04/12 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\DoctorWeb
[2010/04/12 17:14:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/12 17:14:53 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\temp
[2010/04/12 17:13:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/12 16:57:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/12 13:54:16 | 000,157,520 | ---- | C] (Kaspersky Lab) -- C:\SalityKiller.exe
[2010/04/10 11:31:25 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Desktop\rBot_4
[2010/04/10 10:32:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/10 10:32:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/10 10:32:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/01 22:49:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2010/02/01 22:49:04 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2010/02/01 22:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2010/02/01 22:49:04 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2010/02/01 22:49:04 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2010/02/01 22:49:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2010/02/01 22:49:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2010/02/01 22:49:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2010/02/01 22:49:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2010/02/01 22:49:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2010/02/01 22:49:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/18 00:31:12 | 002,621,440 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT
[2010/04/18 00:23:42 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/18 00:23:41 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/17 23:27:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 23:27:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 16:03:20 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\SuddenAttackNA.lnk
[2010/04/17 12:55:43 | 000,001,895 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/04/17 11:33:26 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/17 11:33:26 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/17 11:33:26 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/17 11:27:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/17 11:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/17 11:26:57 | 2951,061,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/17 11:26:19 | 000,524,288 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 11:26:19 | 000,065,536 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/17 11:26:05 | 002,207,858 | -H-- | M] () -- C:\Users\Erik Tran\AppData\Local\IconCache.db
[2010/04/16 22:44:43 | 000,032,774 | ---- | M] () -- C:\Users\Erik Tran\Desktop\1219285336101.jpeg
[2010/04/16 15:04:45 | 000,001,662 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Defraggler.lnk
[2010/04/15 21:55:50 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/12 17:10:45 | 000,000,229 | ---- | M] () -- C:\Windows\system.ini
[2010/04/11 22:40:30 | 000,000,770 | ---- | M] () -- C:\Users\Erik Tran\Desktop\AkaiMS - Shortcut.lnk
[2010/04/09 22:39:11 | 000,000,792 | ---- | M] () -- C:\Users\Erik Tran\Desktop\NudieStory - Shortcut.lnk
[2010/04/08 09:06:50 | 000,157,520 | ---- | M] (Kaspersky Lab) -- C:\SalityKiller.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 16:03:20 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\SuddenAttackNA.lnk
[2010/04/17 12:55:43 | 000,001,895 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/04/16 22:44:42 | 000,032,774 | ---- | C] () -- C:\Users\Erik Tran\Desktop\1219285336101.jpeg
[2010/04/11 22:40:30 | 000,000,770 | ---- | C] () -- C:\Users\Erik Tran\Desktop\AkaiMS - Shortcut.lnk
[2010/04/10 10:32:50 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/10 10:32:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/10 10:32:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/10 10:32:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/10 10:32:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/09 22:39:11 | 000,000,792 | ---- | C] () -- C:\Users\Erik Tran\Desktop\NudieStory - Shortcut.lnk
[2010/03/13 21:25:31 | 000,000,680 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/07 09:22:30 | 000,003,584 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:52:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2010/02/01 22:49:17 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2010/02/01 22:49:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2010/02/01 22:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/12/13 11:54:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 09:11:12 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/13 09:11:07 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\QSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\AtStart.txt
[2009/12/13 06:25:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 06:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 06:24:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 06:24:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 06:22:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 06:22:00 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/25 17:10:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:03:58 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:01:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:00:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/08 16:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/13 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\acccore
[2010/01/13 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Datarescue
[2010/01/03 10:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Erik Tran\AppData\Roaming\ijjigame
[2010/02/01 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
[2010/02/01 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mael
[2010/03/21 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/18 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\MySQL
[2010/02/03 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Nexon
[2010/03/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/04 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Subversion
[2010/01/23 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\SystemRequirementsLab
[2010/01/19 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\TeamViewer
[2010/03/07 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\VSO
[2010/04/17 11:26:13 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D06A4C76
< End of report >
  • 0

#43
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

We will use Dr.Web CureIt again; delete your previous copy.

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
  • 0

#44
erikc4l

    Member

  • Topic Starter
  • 116 posts
I did the first quick/short scan and it detected nothing, but I don't think I will have the time for the full scan, as last time it took a while. But is there any way I can uninstall/delete the HP Health Checker?
  • 0

#45
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Could you give me updates on your current problems?
  • 0





