
WinXP Pro, Dialog Box Errors, Logon.exe and RUNDLL kofipulo.dll


  • This topic is locked
2 replies to this topic

#1 14WFRd


Posted 01 December 2009 - 07:05 PM

Hello,
I receive two Dialog Box Errors upon booting up my computer.

Error #01: Windows cannot find 'logon.exe'. Make sure you typed the name correctly, and then try again. To Search for a file, click the Start Button, and then click Search.

Error #02: Error Loading d:\windows\system32\kofipulo.dll The specified module cannot be found.

[EDIT-12-02-09: The specified dll has now been renamed, yakiyetu.dll]
[EDIT-12-02-09: dll name change again, "guyuzera" & " WIJUTOPA". Norton has named the virus, "Trojan.Vundo!gen1". I cannot use Outlook Express. I cannot use Internet Explorer. I cannot boot in Safe Mode. I am currently posting this message with a broken, spare laptop....... I need help.]

My operating system is Windows XP Professional - Service Pack 3

Norton Systemworks 2005 with all updates current.

Ad-aware, (free version), with updates complete.

Windows Firewall is Enabled. [12-01-09: Under "Exceptions" tab, I have unchecked logonui. I did that as a guess.........]

Security settings are default "Medium-High".

Microsoft Internet Explorer 8.

Outlook Express 6.

DSL Internet connection.


I can be at my computer from 4:00pm EST - 10:00pm EST. The machine is turned off otherwise until this issue is rectified.

I have read and executed the tutorial for making this post. I tried to run RootRepeal twice and my computer froze twice, (Scripting was set to "allowed" in Norton.)

Thank you.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Barry Buchanan at 18:14:22.96 on Tue 12/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2080 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\ClocX\ClocX.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\iexplore.exe
L:\WIN XP SETUP 11-14-2009\System Backup Software\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msnbc.com/
mWinlogon: Shell=Explorer.exe logon.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - d:\program files\norton systemworks\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - d:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - d:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - d:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Norton SystemWorks] "d:\program files\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] d:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 7.0] "d:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NeroFilterCheck] d:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ClocX] d:\program files\clocx\ClocX.exe
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [mozohomuh] Rundll32.exe "d:\windows\system32\kofipulo.dll",a
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - d:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - d:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://d:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258181285234
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: gokegaze.dll d:\windows\system32\dijovesa.dll d:\windows\system32\kofipulo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SSODL: jelewapay - {52d33681-dc38-45f8-a79a-ef54caaf6465} - No File
SSODL: gikenigom - {48a0c97a-4616-479e-b338-8678a6d64734} - d:\windows\system32\kofipulo.dll
STS: {52d33681-dc38-45f8-a79a-ef54caaf6465} - No File
STS: gahurihor: {48a0c97a-4616-479e-b338-8678a6d64734} - d:\windows\system32\kofipulo.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli mazuhojo.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-11-19 64288]
R1 SAVRTPEL;SAVRTPEL;d:\program files\norton systemworks\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-27 197992]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-27 181608]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-14 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;d:\program files\norton systemworks\norton antivirus\NAVAPSVC.EXE [2004-8-30 177264]
R2 NProtectService;Norton Unerase Protection;d:\progra~1\norton~1\norton~1\NPROTECT.EXE [2004-8-30 95328]
R2 Symantec Core LC;Symantec Core LC;d:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-11-14 819352]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;d:\windows\system32\drivers\HCW85BDA.sys [2007-6-11 968064]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20091125.004\NAVENG.Sys [2009-11-26 84912]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20091125.004\NavEx15.Sys [2009-11-26 1323568]
R3 SAVRT;SAVRT;d:\program files\norton systemworks\norton antivirus\SAVRT.SYS [2004-7-23 338056]
R3 scsiscan;SCSI Scanner Driver;d:\windows\system32\drivers\scsiscan.sys [2009-11-15 11520]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-11-27 135664]
S2 SBService;ScriptBlocking Service;d:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 67184]
S3 ccPwdSvc;Symantec Password Validation;d:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-27 79208]
S3 fsssvc;Windows Live Family Safety Service;d:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SAVScan;SAVScan;d:\program files\norton systemworks\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S4 Vgapicescme;Vgapicescme; [x]

=============== Created Last 30 ================

2009-11-23 02:13:06 1601 ----a-w- d:\windows\BorisRED3.0.ini
2009-11-20 12:15:19 0 d-----w- d:\program files\ClocX
2009-11-20 07:04:57 15880 ----a-w- d:\windows\system32\lsdelete.exe
2009-11-19 22:30:43 64288 ----a-w- d:\windows\system32\drivers\Lbd.sys
2009-11-19 22:30:36 93360 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2009-11-19 22:25:52 0 dc-h--w- d:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-19 00:51:51 8743 ----a-w- d:\windows\system32\nvinfo.pb
2009-11-19 00:51:51 69632 ----a-w- d:\windows\system32\OpenCL.dll
2009-11-19 00:51:51 2259560 ----a-w- d:\windows\system32\nvcuvid.dll
2009-11-19 00:51:51 1989224 ----a-w- d:\windows\system32\nvcuvenc.dll
2009-11-19 00:51:49 2293286 ----a-w- d:\windows\system32\nvdata.bin
2009-11-19 00:51:49 11374592 ----a-w- d:\windows\system32\nvcompiler.dll
2009-11-19 00:51:47 0 d-----w- D:\NVIDIA
2009-11-18 23:59:22 25699 ----a-w- d:\windows\system32\nvdisp.nvu
2009-11-18 23:59:22 0 d-----w- d:\windows\nview
2009-11-18 23:47:55 22 ----a-w- d:\windows\FileName
2009-11-18 23:45:23 446464 ----a-w- d:\windows\system32\CapabilityTable.exe
2009-11-18 23:45:17 208896 ------w- d:\windows\system32\nvuide.exe
2009-11-18 23:45:17 1570 ------w- d:\windows\system32\nvide.nvu
2009-11-18 23:45:08 3903 ----a-w- d:\windows\system32\nvnrm.nvu
2009-11-18 23:45:08 208896 ----a-w- d:\windows\system32\nvunrm.exe
2009-11-18 23:45:08 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-11-18 01:29:33 0 d-----w- d:\program files\Lavasoft
2009-11-17 01:42:57 0 d-----w- d:\program files\NVIDIA Corporation
2009-11-17 01:42:54 0 d-----w- d:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-11-16 09:36:56 0 d-----w- d:\program files\MSXML 4.0
2009-11-16 09:35:07 0 d-----w- d:\program files\Pro Imaging Powertoys
2009-11-15 23:55:22 0 d-----w- d:\program files\DVDMenu
2009-11-15 23:53:16 0 d-----w- d:\program files\DVDlab
2009-11-15 23:43:43 0 d-----w- d:\program files\PhotoBrush
2009-11-15 23:32:24 0 d-----w- d:\program files\ItsDeductible2006
2009-11-15 23:32:13 0 d-----w- d:\program files\common files\AnswerWorks 4.0
2009-11-15 23:28:14 0 d-----w- d:\program files\TurboTax
2009-11-15 23:28:06 4651 ----a-w- d:\windows\Instlog.lyt
2009-11-15 23:22:07 0 d-----w- d:\program files\Quicken WillMaker Plus 2008
2009-11-15 23:08:54 0 d-----w- d:\program files\common files\AnswerWorks 5.0
2009-11-15 23:08:46 3518464 ----a-w- d:\windows\system32\cdintf300.dll
2009-11-15 23:08:46 1843200 ----a-w- d:\windows\system32\acXMLParser.dll
2009-11-15 23:08:33 0 d-----w- d:\docume~1\barryb~1\applic~1\Intuit
2009-11-15 23:08:27 0 d-----w- d:\program files\common files\Palo Alto Software
2009-11-15 23:08:19 0 d-----w- d:\program files\common files\Intuit
2009-11-15 23:08:12 0 d-----w- d:\program files\Quicken
2009-11-15 23:08:07 165 ----a-w- d:\windows\QUICKEN.INI
2009-11-15 23:07:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Intuit
2009-11-15 22:46:49 0 d-----w- d:\docume~1\barryb~1\applic~1\DeLorme
2009-11-15 22:43:33 0 d-s---w- d:\windows\Cookies
2009-11-15 22:43:33 0 d-s---w- d:\documents and settings\barry buchanan\Temporary Internet Files
2009-11-15 22:43:19 0 d-----w- d:\program files\Earthmate.com
2009-11-15 22:40:58 0 d-----w- d:\program files\common files\DeLorme
2009-11-15 22:40:38 262328 ------w- d:\windows\system32\MSDatGrd.ocx
2009-11-15 22:40:38 118976 ------w- d:\windows\system32\msadodc.ocx
2009-11-15 22:40:38 103744 ------w- d:\windows\system32\MSCOMM32.OCX
2009-11-15 22:40:37 54784 ----a-w- d:\windows\system32\INETWH32.DLL
2009-11-15 22:29:32 0 d-----w- d:\program files\DeLorme
2009-11-15 22:29:32 0 d-----w- d:\docume~1\alluse~1\applic~1\DeLorme
2009-11-15 22:29:32 0 d-----w- D:\DeLorme Docs
2009-11-15 21:56:40 0 d-----w- d:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-11-15 21:56:32 0 d-----w- d:\program files\SmartSound Software
2009-11-15 21:45:55 0 d-----w- d:\program files\Intelligent Assistant
2009-11-15 21:43:17 69632 ------w- d:\windows\system32\MtxPreview.dll
2009-11-15 21:43:17 49152 ------w- d:\windows\system32\MtxParhBFXPreview.dll
2009-11-15 21:43:17 49152 ------w- d:\windows\system32\CvoAPI.dll
2009-11-15 21:43:17 45056 ----a-w- d:\windows\system32\BFXSrcFilter.ax
2009-11-15 21:43:17 0 d-----w- d:\program files\Boris FX, Inc
2009-11-15 21:08:00 16384 ----a-w- d:\windows\system32\drivers\aksusb.sys
2009-11-15 21:07:59 2577 ----a-w- d:\windows\system32\config.hsp
2009-11-15 20:25:21 0 d-----w- d:\docume~1\barryb~1\applic~1\Canopus
2009-11-15 20:16:55 90112 ----a-w- d:\windows\unvise32.exe
2009-11-15 20:16:16 0 d-----w- d:\program files\DivX
2009-11-15 20:13:16 0 d-----w- d:\program files\common files\Canopus Shared
2009-11-15 19:42:21 33 ----a-w- d:\windows\system32\cnpsedufet20.EXT
2009-11-15 19:36:10 1890 --sha-w- d:\windows\system32\KGyGaAvL.sys
2009-11-15 19:33:31 0 d-----w- d:\program files\directx
2009-11-15 19:32:24 212992 ----a-w- d:\windows\system32\foxnsox.dll
2009-11-15 19:32:24 139264 ----a-w- d:\windows\system32\intsrc.dll
2009-11-15 19:31:43 344 ----a-w- d:\windows\CANOPUS.INI
2009-11-15 19:31:39 49152 ----a-w- d:\windows\system32\cvpcdvc.dll
2009-11-15 19:31:39 4096 ----a-r- d:\windows\system32\paveno.dll
2009-11-15 19:31:39 385108 ----a-w- d:\windows\system32\csedv.dll
2009-11-15 19:31:39 331776 ----a-r- d:\windows\system32\pavapi.dll
2009-11-15 19:31:39 159832 ----a-w- d:\windows\system32\csccdvc.dll
2009-11-15 19:31:39 147456 ----a-w- d:\windows\system32\csccdvcx.dll
2009-11-15 19:31:27 0 d-----w- d:\program files\Canopus
2009-11-15 14:27:52 20016 ------w- d:\windows\system32\drivers\pxhelp20.sys
2009-11-15 14:01:15 11520 -c--a-w- d:\windows\system32\dllcache\scsiscan.sys
2009-11-15 14:01:15 11520 ----a-w- d:\windows\system32\drivers\scsiscan.sys
2009-11-15 14:00:54 43904 -c--a-w- d:\windows\system32\dllcache\sbp2port.sys
2009-11-15 14:00:54 43904 ----a-w- d:\windows\system32\drivers\sbp2port.sys
2009-11-15 14:00:23 29 ----a-w- d:\windows\DEBUGSM.INI
2009-11-15 14:00:15 0 d-----w- d:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-15 13:56:09 5600 ----a-w- d:\windows\system\winaspi.dll
2009-11-15 13:56:09 4672 ----a-w- d:\windows\system\wowpost.exe
2009-11-15 13:56:09 45056 ----a-w- d:\windows\system32\wnaspi32.dll
2009-11-15 13:56:09 25244 ----a-w- d:\windows\system32\drivers\aspi32.sys
2009-11-15 13:56:08 25600 ----a-w- d:\windows\system32\Cbndll.dll
2009-11-15 13:56:07 0 d-----w- d:\windows\Twain
2009-11-15 13:52:37 96768 ----a-w- d:\windows\SlantAdj.dll
2009-11-15 13:52:37 73216 ----a-w- d:\windows\ADE.DLL
2009-11-15 13:52:37 72 ----a-w- d:\windows\system32\epDPE.ini
2009-11-15 13:52:37 422 ----a-w- d:\windows\Faxcpp.ini
2009-11-15 13:52:37 3136 ----a-w- d:\windows\Ade001.bin
2009-11-15 13:52:37 1571 ----a-w- d:\windows\Faxcpp1.ini
2009-11-15 13:52:33 0 d-----w- d:\program files\EPSON
2009-11-15 13:51:55 86016 ------w- d:\windows\system32\Epfb5cpl.dll
2009-11-15 13:51:55 57344 ------w- d:\windows\system32\essiscsi.dll
2009-11-15 13:51:55 53760 ------w- d:\windows\system32\essisc1.dll
2009-11-15 13:51:53 65536 ------w- d:\windows\system32\epcomdd.dll
2009-11-15 13:51:53 53248 ------w- d:\windows\system32\ESICM.dll
2009-11-15 13:51:52 77824 ------w- d:\windows\system32\Esintpl.dll
2009-11-15 13:51:52 172032 ----a-w- d:\windows\system32\ESDTR.dll
2009-11-15 13:50:04 185 ----a-w- d:\windows\EPSON 2450 Installer.ini
2009-11-15 13:42:17 0 d-----w- d:\docume~1\alluse~1\applic~1\Nero
2009-11-15 13:04:07 69 ----a-w- d:\windows\NeroDigital.ini
2009-11-15 12:44:06 0 d-----w- d:\program files\Nero
2009-11-15 12:31:23 0 d-----w- d:\program files\common files\Adobe Systems Shared
2009-11-15 12:24:31 376 ----a-w- d:\windows\ODBC.INI
2009-11-15 12:24:02 0 d-----w- d:\program files\Microsoft ActiveSync
2009-11-15 12:23:03 0 d-----w- d:\windows\ShellNew
2009-11-15 12:23:01 0 d-----w- d:\program files\common files\L&H
2009-11-15 02:51:24 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-11-15 02:51:24 215920 ----a-w- d:\windows\system32\muweb.dll
2009-11-15 02:51:24 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
2009-11-14 23:50:52 0 d-----w- d:\windows\Downloaded Installations
2009-11-14 21:51:27 0 d-----w- d:\docume~1\barryb~1\applic~1\DisplayTune
2009-11-14 21:48:39 17136 ----a-w- d:\windows\system32\drivers\PdiPorts.sys
2009-11-14 21:48:33 487424 ------w- d:\windows\msvcp70.dll
2009-11-14 21:48:33 344064 ------w- d:\windows\msvcr70.dll
2009-11-14 21:48:33 1392671 ----a-w- d:\windows\msvbvm60.dll
2009-11-14 21:48:32 0 d-----w- d:\program files\common files\Portrait Displays
2009-11-14 15:34:14 0 d-----w- d:\windows\system32\Adobe
2009-11-14 14:59:22 73728 ----a-w- d:\windows\system32\javacpl.cpl
2009-11-14 14:59:22 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-11-14 13:50:30 0 d-----w- d:\docume~1\barryb~1\applic~1\Windows Search
2009-11-14 13:42:01 0 d--h--w- d:\windows\msdownld.tmp
2009-11-14 13:41:50 0 d-----w- d:\windows\Logs
2009-11-14 13:41:28 0 d-----w- d:\documents and settings\barry buchanan\Tracing
2009-11-14 13:40:53 54752 ----a-w- d:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-14 13:40:08 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
2009-11-14 13:40:04 0 d-----w- d:\program files\Microsoft SQL Server Compact Edition
2009-11-14 13:39:16 0 d-----w- d:\program files\Microsoft
2009-11-14 13:39:03 0 d-----w- d:\program files\Windows Live SkyDrive
2009-11-14 13:31:48 0 d-----w- d:\program files\common files\Windows Live
2009-11-14 13:08:57 1089593 -c----w- d:\windows\system32\dllcache\ntprint.cat
2009-11-14 13:01:03 0 d-----w- d:\windows\system32\XPSViewer
2009-11-14 13:00:45 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-14 13:00:45 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-14 13:00:45 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2009-11-14 13:00:45 575488 ------w- d:\windows\system32\xpsshhdr.dll
2009-11-14 13:00:45 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2009-11-14 13:00:45 1676288 ------w- d:\windows\system32\xpssvcs.dll
2009-11-14 13:00:45 117760 ------w- d:\windows\system32\prntvpt.dll
2009-11-14 13:00:45 0 d-----w- D:\73e6b157e19f967bda80d4e3
2009-11-14 12:59:29 0 d-----w- d:\docume~1\barryb~1\applic~1\Windows Desktop Search
2009-11-14 12:59:14 0 d-----w- d:\windows\system32\GroupPolicy
2009-11-14 12:59:14 0 d-----w- d:\program files\Windows Desktop Search
2009-11-14 12:59:03 98304 -c----w- d:\windows\system32\dllcache\nlhtml.dll
2009-11-14 12:59:03 29696 -c----w- d:\windows\system32\dllcache\mimefilt.dll
2009-11-14 12:59:03 192000 -c----w- d:\windows\system32\dllcache\offfilt.dll
2009-11-14 12:58:50 0 d-----w- d:\program files\Windows Media Connect 2
2009-11-14 12:58:06 0 d-----w- d:\windows\system32\LogFiles
2009-11-14 12:57:20 0 d-----w- d:\windows\system32\URTTemp
2009-11-14 12:27:23 0 d-sh--w- d:\documents and settings\barry buchanan\IECompatCache
2009-11-14 12:24:49 0 d-sh--w- d:\documents and settings\barry buchanan\PrivacIE
2009-11-14 12:22:04 267864 ----a-r- d:\windows\system32\hpzids01.dll
2009-11-14 12:22:01 117760 ----a-w- d:\windows\system32\hpzll5ha.dll
2009-11-14 12:19:18 306688 ----a-w- d:\windows\IsUninst.exe
2009-11-14 12:15:22 0 d-----w- d:\program files\CONEXANT
2009-11-14 12:11:35 10368 -c--a-w- d:\windows\system32\dllcache\hidusb.sys
2009-11-14 12:11:35 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
2009-11-14 12:11:00 32128 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2009-11-14 12:11:00 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2009-11-14 12:10:30 0 d-----w- d:\windows\system32\Lang
2009-11-14 12:10:10 0 d-sh--w- d:\documents and settings\barry buchanan\IETldCache
2009-11-14 12:07:58 0 dc-h--w- d:\windows\ie8
2009-11-14 12:01:59 56576 -c--a-w- d:\windows\system32\dllcache\swmidi.sys
2009-11-14 11:52:53 0 d-----w- d:\windows\system32\scripting
2009-11-14 11:52:52 0 d-----w- d:\windows\system32\en
2009-11-14 11:52:52 0 d-----w- d:\windows\l2schemas
2009-11-14 11:50:58 0 d-----w- d:\windows\network diagnostic
2009-11-14 08:14:07 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-11-14 08:09:58 974 ------w- d:\windows\system32\pid.inf
2009-11-14 08:07:29 128512 -c----w- d:\windows\system32\dllcache\dhtmled.ocx
2009-11-14 08:03:16 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-11-14 08:02:59 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-11-14 08:02:30 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-11-14 08:02:18 331776 -c----w- d:\windows\system32\dllcache\msadce.dll
2009-11-14 08:02:03 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll
2009-11-14 08:01:27 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-11-14 08:01:02 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-14 08:01:01 2066048 -c----w- d:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-14 08:01:01 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-11-14 07:55:50 337408 -c----w- d:\windows\system32\dllcache\netapi32.dll
2009-11-14 07:55:46 1172480 -c----w- d:\windows\system32\dllcache\msxml3.dll
2009-11-14 07:55:35 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-11-14 07:55:35 1203922 -c----w- d:\windows\system32\dllcache\sysmain.sdb
2009-11-14 07:55:34 215552 -c----w- d:\windows\system32\dllcache\wordpad.exe
2009-11-14 07:31:21 0 d-----w- d:\program files\SymNetDrv
2009-11-14 07:22:01 4608 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-11-14 07:21:52 0 d-----w- d:\program files\Norton SystemWorks
2009-11-14 07:21:47 91904 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-11-14 07:21:47 124016 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-11-14 07:21:21 0 d-----w- d:\docume~1\barryb~1\applic~1\Symantec
2009-11-14 07:21:13 0 d-----w- d:\program files\Symantec
2009-11-14 07:21:06 0 d-----w- d:\docume~1\alluse~1\applic~1\Symantec
2009-11-14 07:20:58 0 d-----w- d:\program files\common files\Symantec Shared
2009-11-14 07:15:56 664 ----a-w- d:\windows\system32\d3d9caps.dat
2009-11-14 07:15:41 0 d-----w- d:\windows\system32\wbem\AutoRecover
2009-11-14 07:12:41 316640 ----a-w- d:\windows\WMSysPr9.prx
2009-11-14 07:12:23 0 d-----w- d:\windows\provisioning
2009-11-14 07:12:23 0 d-----w- d:\windows\peernet
2009-11-14 07:11:47 0 d-----w- d:\windows\ServicePackFiles
2009-11-14 07:10:25 0 d-----w- d:\windows\EHome
2009-11-14 07:05:02 7208 ------w- d:\windows\system32\secupd.sig
2009-11-14 07:05:02 67866 ------w- d:\windows\system32\drivers\netwlan5.img
2009-11-14 07:05:02 4569 ------w- d:\windows\system32\secupd.dat
2009-11-14 07:05:02 11264 ------w- d:\windows\system32\spnpinst.exe
2009-11-14 06:27:45 0 d-sh--w- d:\documents and settings\all users\DRM
2009-11-14 06:26:28 0 d-----w- d:\program files\common files\MSSoap
2009-11-14 06:25:50 0 d--h--w- d:\program files\WindowsUpdate
2009-11-14 06:25:50 0 d-----w- d:\program files\Online Services
2009-11-14 06:25:47 0 d-----w- d:\program files\Messenger
2009-11-14 06:25:41 0 d-----w- d:\program files\MSN Gaming Zone
2009-11-14 06:24:56 0 d-----w- d:\program files\Windows NT
2009-11-14 01:19:03 0 d-----w- d:\program files\common files\ODBC
2009-11-14 01:19:00 0 d-----w- d:\program files\common files\SpeechEngines
2009-11-14 01:18:39 0 d-----r- d:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-14 06:25:53 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-11-14 05:15:57 6281600 ----a-w- d:\windows\system32\nv4_disp.dll
2009-11-14 05:15:57 592488 ----a-w- d:\windows\system32\nvudisp.exe
2009-11-14 05:15:57 4038656 ----a-w- d:\windows\system32\nvcuda.dll
2009-11-14 05:15:57 182888 ----a-w- d:\windows\system32\nvcodins.dll
2009-11-14 05:15:57 182888 ----a-w- d:\windows\system32\nvcod.dll
2009-11-14 05:15:57 13602816 ----a-w- d:\windows\system32\nvoglnt.dll
2009-11-14 05:15:57 1056768 ----a-w- d:\windows\system32\nvapi.dll
2009-11-14 05:15:57 10236192 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2009-11-14 04:47:34 278120 ----a-w- d:\windows\system32\nvmccs.dll
2009-11-14 04:47:32 145000 ----a-w- d:\windows\system32\nvcolor.exe
2009-11-14 04:47:30 154216 ----a-w- d:\windows\system32\nvsvc32.exe
2009-11-14 04:47:30 12669544 ----a-w- d:\windows\system32\nvcpl.dll
2009-11-14 04:47:30 110184 ----a-w- d:\windows\system32\nvmctray.dll
2009-11-14 04:47:20 81920 ----a-w- d:\windows\system32\nvwddi.dll
2009-11-13 23:14:54 592488 ----a-w- d:\windows\system32\NVUNINST.EXE
2009-10-08 19:57:02 611328 ----a-w- d:\windows\system32\uiautomationcore.dll
2009-10-08 19:57:00 220160 ----a-w- d:\windows\system32\oleacc.dll
2009-10-08 19:56:56 20480 ----a-w- d:\windows\system32\oleaccrc.dll
2009-09-25 05:37:09 81920 ------w- d:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- d:\windows\system32\msv1_0.dll
2009-09-04 22:44:40 69464 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-04 22:44:40 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2009-09-04 22:44:40 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2009-09-04 22:29:34 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2009-09-04 22:29:34 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2009-09-04 22:29:32 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29:32 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29:30 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll
2009-09-04 21:03:36 58880 ----a-w- d:\windows\system32\msasn1.dll
2005-02-11 17:21:26 159744 ----a-w- d:\program files\FX-BorisRED3.prm
2005-02-11 17:20:42 147456 ----a-w- d:\program files\FL-BorisRED3.prm
2009-09-01 01:48:19 39424 --sha-w- d:\windows\system32\fefemisi.dll
2009-09-01 01:43:17 52736 --sha-w- d:\windows\system32\gokegaze.dll
2009-09-01 01:43:17 52736 --sha-w- d:\windows\system32\mazuhojo.dll
2009-09-01 13:48:40 39424 --sha-w- d:\windows\system32\wizuyebi.dll
2009-09-01 01:43:17 52736 --sha-w- d:\windows\system32\yilinetu.dll
2009-09-01 13:48:41 61952 --sha-w- d:\windows\system32\zewewegi.dll

============= FINISH: 18:14:56.82 ===============


Edited by 14WFRd, 02 December 2009 - 05:56 PM.



#2 14WFRd


Posted 05 December 2009 - 01:50 AM

Please disregard and remove the original post. I was able to solve the issues and remove the virus.

Thank you.

#3 garmanma


Posted 05 December 2009 - 10:46 AM

Topic closed per OP's request - MG
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits