
cryptnet.dll "bad image" pop up will not go away


  • This topic is locked

#1
BillAyres

    New Member

  • Member
  • 3 posts
I have been getting this popup for years and just let it lie in the background as I continue my tasks. Upon restart the popup goes away but usually comes back later on in the session. I am not sure what triggers it but it always has a ".exe" extension at the end. Every time I remove that program that is listed I get another popup with a different file.

The popup reads (the .exe changes; attached is a JPEG of the popup):
GoogleUpdate.exe - Bad Image
The application or DLL C:\WINDOWS\system32\cryptnet.dll is not a valid Windows image. Please check this against your installation.

Things I have tried to remove:
1. Added 500 MB of RAM
2. Defragged C drive
3. Ran Rkill
4. Ran Malaware (found 9/cleaned 5 Free)
5. Ran CCleaner (file cleaning only)
6. Ran PureRa 1.7 System
7. Ran Temp File Cleaner By OldTimer
8. Ran Clean After Me
9. Ran DiskMax
10. Ran JavaRa


OTL LOG:
OTL logfile created on: 9/30/2011 10:33:43 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Mr. Ayres\Desktop\Jovon Fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 243.33 Mb Available Physical Memory | 31.72% Memory free
1.08 Gb Paging File | 0.63 Gb Available in Paging File | 58.57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.89 Gb Total Space | 19.18 Gb Free Space | 68.76% Space Free | Partition Type: NTFS

Computer Name: UCONN-E2ACDE6D7 | User Name: Mr. Ayres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 22:33:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Ayres\Desktop\Jovon Fix\OTL.exe
PRC - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


========== Modules (No Company Name) ==========

MOD - [2008/04/13 23:09:30 | 000,438,784 | ---- | M] () -- C:\WINDOWS\system32\xpob2res.dll
MOD - [2006/10/22 12:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 22:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2009/12/02 22:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2009/12/02 22:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2009/12/02 22:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2008/08/30 20:59:26 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2008/08/30 20:59:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2008/08/30 20:59:26 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2008/08/30 20:59:26 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2008/08/30 20:59:26 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2008/08/30 20:59:24 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/08/30 20:59:24 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/07/19 11:57:46 | 001,329,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/17 09:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2010/08/03 09:35:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.shockwave...at-the-zoo.jsp" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://games.bigfish...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://games.bigfish...eb.1.0.0.15.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfish...Web.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://games.bigfish...Web.1.0.0.9.cab (CPlayFirstNightshiftControl Object)
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} http://games.bigfish...eb.1.0.0.12.cab (CPlayFirstGreatChocoControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfish...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://games.bigfish...sh.1.0.0.10.cab (CPlayFirstParkingDasControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A7F2B8B-F7E1-4AE8-AE05-AA47EFFA9F2A}: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll ()
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/30 10:03:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/30 22:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/30 21:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/09/30 21:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/09/30 21:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_4
[2011/09/30 21:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Ayres\Local Settings\Application Data\IM
[2011/09/30 21:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/09/30 21:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/09/30 21:48:50 | 001,030,950 | ---- | C] (KoshyJohn.com) -- C:\Documents and Settings\Mr. Ayres\My Documents\DiskMax.exe
[2011/09/30 21:23:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mr. Ayres\Recent
[2011/09/30 20:52:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mr. Ayres\Start Menu\Programs\Administrative Tools
[2011/09/20 15:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/09/20 15:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Ayres\My Documents\Registry Cleaner Bak
[2011/09/20 15:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/20 14:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Ayres\Desktop\Jovon Fix
[2011/09/19 21:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Ayres\Application Data\AVG2012
[2011/09/19 21:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/19 21:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/11/19 14:17:35 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB4C12FD-4D4E-4BED-993A-6B003D2463A7}.job
[2011/09/30 22:03:00 | 000,441,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/30 22:03:00 | 000,071,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/30 21:48:44 | 001,030,950 | ---- | M] (KoshyJohn.com) -- C:\Documents and Settings\Mr. Ayres\My Documents\DiskMax.exe
[2011/09/30 21:38:52 | 000,046,409 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/30 21:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 21:38:35 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/30 21:38:35 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/30 19:05:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/20 17:19:47 | 000,083,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/09/20 15:21:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/05 18:05:37 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Mr. Ayres\My Documents\spider.sav

========== Files Created - No Company Name ==========

[2011/10/23 16:07:17 | 000,282,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/30 21:38:35 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/20 16:50:03 | 000,083,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/09/20 15:21:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/08/03 12:06:32 | 000,002,894 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/08/03 09:20:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/03 09:20:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/03 09:20:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/03 09:20:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/03 09:20:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/07 22:55:36 | 000,010,480 | ---- | C] () -- C:\WINDOWS\System32\sbnetkey.sys
[2009/02/07 22:48:18 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\sllr.dat
[2009/01/01 20:42:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/09/09 13:20:37 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Mr. Ayres\Local Settings\Application Data\fusioncache.dat
[2008/09/08 15:01:26 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/09/08 14:52:21 | 000,109,169 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2008/09/08 14:52:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2008/08/30 17:15:18 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/08/30 17:15:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/30 10:06:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/30 10:00:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/30 05:39:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/18 21:47:22 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\WPDShServiceObj.dll
[2006/10/18 21:47:18 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\PortableDeviceTypes.dll
[2005/03/22 16:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,438,784 | ---- | C] () -- C:\WINDOWS\System32\xpob2res.dll
[2004/08/04 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 08:00:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\win32spl.dll
[2004/08/04 08:00:00 | 000,071,674 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\ssdpapi.dll
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 08:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cryptnet.dll
[2003/10/06 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 14:16:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2003/10/06 14:16:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/10/06 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/10/06 14:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2003/10/06 14:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2003/10/06 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/09/20 15:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/19 18:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 08:09:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/13 21:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/03/06 19:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/12/28 18:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/01/20 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/03/14 21:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/09/30 21:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/09/30 21:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/07/11 19:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2008/10/25 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2011/09/20 15:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/01/02 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2009/01/01 17:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/02/11 21:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon
[2009/03/16 19:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/01/04 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/03/19 20:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/11 19:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2008/10/06 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/01 19:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\AlterLab
[2009/01/01 20:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\Amaranth Games
[2011/09/19 21:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\AVG2012
[2009/03/19 19:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\BFG_JanesRealty
[2009/03/13 22:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\Boolat Games
[2009/03/06 21:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\EleFun Games
[2008/12/28 20:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\funkitron
[2009/03/07 21:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\Gaijin Ent
[2011/11/19 19:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\ID Vault
[2008/12/25 00:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\iWin
[2008/10/25 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\Ludia
[2008/10/25 20:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\Oberon Games
[2009/01/04 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\PlayFirst
[2009/03/16 19:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\Teggo
[2011/03/13 15:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\TP
[2009/03/13 23:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\ViquaSoft
[2009/03/07 23:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Ayres\Application Data\YoudaGames
[2011/11/19 14:17:35 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB4C12FD-4D4E-4BED-993A-6B003D2463A7}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FF4577A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551E1CB4
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EBA4934
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCCFE57E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DFDF9DF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A94968B5
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A23D24E7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:615435BE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89123481
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99762419
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A4217C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FB7A2BD

< End of report >



ANY HELP WILL BE GREATLY APPRECIATED!!!!

Attached Thumbnails

  • Problem 1.JPG



#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
cryptnet.dll 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SystemLook Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.


#3
BillAyres

    New Member

  • Topic Starter
  • Member
  • 3 posts
Thank you Dakeyras,

I will be performing the actions listed when I get back in town on Thursday Evening. I hope this will not inconvenience you. Thank you for your help and you will hear from me as soon as I complete the tasks.

Bill

Edited by BillAyres, 09 October 2011 - 06:40 PM.


#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Not a problem and thank you for the courtesy of informing myself...you are most welcome also! :)

Note: Do leave OTL on the Desktop, as we will be using it at some point. If you have deleted it merely inform myself, thank you.

#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.