Virus is causing a SHDOCVW error?

Solved
By djackson84
Jul 4, 2010
  1. Hi,


    I recently got a virus on my computer and after two system restores that both said they were unable to restore to the selected date, I can now get Windows to load, but once I click on my user name I get an error saying that the computer can't find shdocvw.dll, and that reinstalling it could fix the problem. My background image shows up but nothing else loads. I'm on a borrowed computer now, so any help would be nice.

    Also, if anyone knows how to remove the virus that caused this (it was opening popups and linking me to sites other than what I clicked on) without doing a restore, because that's not working, it would be appreciated.
  2. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Let's see if we can look at your computer by booting from an external source.

    Using a good computer, please download OTLPE (file size 120.9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your bad computer using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
  3. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    I'm sorry, but that doesn't really seem to address my issue at all. I just need to know how to reinstall shdocvw.dll onto Windows XP. I believe a virus removed it.
  4. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You can do it using the CD I just asked you to create, or you can use the Recovery Console, if you're on Windows XP.
    I don't even know what Windows version you're using.
  5. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    I don't have any recovery CD. I can get online through the Task Manager, so if there's somewhere I can download a new DLL, that would work, but nowhere I've looked online has been the least bit helpful even though I hear this is a common problem. I've been trying to fix it all weekend, so I'm just looking for the quickest way. If there is a way to reach System Recovery from Task Manager, that might also help, but I don't think it'll work without the DLL functioning. It also seems to be disabling the sound on my computer now as well. And yes, I am on Windows XP.
  6. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    I did show you the way to do it.
    Create the CD I asked you to make and I'll help you out.
    I can also provide the missing file, IF that's the real reason for your computer not being able to boot.
    When you provide the log I asked for in my previous instructions, we'll see better what's going on.
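The Recovery Console route mentioned above needs the XP install media, which the poster says they do not have; the OTLPE CD Broni asked for boots a WinPE environment with a command prompt that can do the same job from the copy Windows File Protection keeps in dllcache. The batch script below is an added example and is not part of Broni's instructions or of OTLPE. It assumes the infected Windows volume is mounted as C: (as it is in the OTL log posted later in this thread), that expand.exe is available in the PE, and that an install source, if one exists, sits at D:\i386 or C:\i386 (both assumed paths). The OTL log's URLSearchHook lines reporting `C:\WINDOWS\System32\shdocvw.dll File not found` are what this addresses; check the version of whatever you copy back before rebooting, and never take the file from an arbitrary download site.

```batch
@echo off
rem Added example for this thread (not Broni's instructions, not an OTLPE feature).
rem Run from the OTLPE / WinPE command prompt, NOT from the infected Windows itself.
rem Assumptions: infected volume = C:, install source (if any) = D:\i386 or C:\i386.
set SYS=C:\WINDOWS\system32

if exist "%SYS%\shdocvw.dll" (
    echo shdocvw.dll is present; a missing file is probably not the real cause.
    dir "%SYS%\shdocvw.dll"
    goto :eof
)

rem 1. Windows File Protection keeps a pristine copy in dllcache; prefer it.
if exist "%SYS%\dllcache\shdocvw.dll" (
    echo Restoring from dllcache
    copy /y "%SYS%\dllcache\shdocvw.dll" "%SYS%\shdocvw.dll"
    goto :verify
)

rem 2. Otherwise expand the compressed copy (shdocvw.dl_) from an install source.
for %%S in (D:\i386 C:\i386) do (
    if exist "%%S\shdocvw.dl_" (
        echo Expanding from %%S
        expand "%%S\shdocvw.dl_" "%SYS%\shdocvw.dll"
        goto :verify
    )
)
echo No trusted source copy found; obtain shdocvw.dll from an identical XP SP3 install.
goto :eof

:verify
dir "%SYS%\shdocvw.dll"
rem Before rebooting, confirm the file's version (right-click > Properties in the PE
rem shell) matches the IE 6 build the OTL log reports, 6.0.2900.5512, and that its
rem size matches the dllcache or i386 copy; a wrong or trojanized DLL here will
rem load into every Explorer and IE process.
```

The script deliberately stops if the DLL is already present: the same "cannot find" dialog can come from a registry entry pointing at a corrupted or access-denied file, and replacing a good file would hide that.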
  7. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    What kind of CD do I need to purchase? I've never done anything like this.
  8. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Any CD+R or CD-R will do.
  9. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Okay, I'm going to get a CD. I don't have the laptop I was using right now. I'm assuming it's important that I don't use my computer to do this, yes? If so, this is going to take longer because I'll have to get it back.

    Also, the sound in my Media Player and iTunes isn't working. Could this be related?
  10. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You can create that CD on any computer.
  11. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Here's the txt file:


    OTL logfile created on: 7/6/2010 11:56:06 PM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 189.71 Gb Free Space | 81.46% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/30 19:21:35 | 002,561,624 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
    SRV - [2010/06/30 19:19:34 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/30 19:19:32 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
    SRV - [2010/05/30 18:31:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/29 11:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/12 14:30:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/03/12 14:30:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/09/26 10:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
    SRV - [2009/09/26 07:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/23 18:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/09/23 18:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/03/12 20:36:24 | 000,086,016 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


    ========== Driver Services (SafeList) ==========
     
  12. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    I need a whole piece...
  13. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    What do you mean? That was all of it. I'll scan again and make sure though.
  14. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Part 1:



    OTL logfile created on: 7/8/2010 12:49:27 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 189.71 Gb Free Space | 81.46% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/30 19:21:35 | 002,561,624 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
    SRV - [2010/06/30 19:19:34 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/30 19:19:32 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
    SRV - [2010/05/30 18:31:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/29 11:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/12 14:30:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/03/12 14:30:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/09/26 10:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
    SRV - [2009/09/26 07:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/23 18:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/09/23 18:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/03/12 20:36:24 | 000,086,016 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/07/05 14:47:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/07/05 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100706.021\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/05 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/05 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/07/05 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100706.021\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/30 19:19:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/30 19:19:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/06/19 03:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100706.003\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\symefa.sys -- (SymEFA)
    DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/03/12 14:30:29 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
    DRV - [2010/03/12 14:30:29 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
    DRV - [2010/03/12 14:30:29 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
    DRV - [2010/03/12 14:30:29 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
    DRV - [2010/03/12 14:30:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/03/12 14:29:59 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\symds.sys -- (SymDS)
    DRV - [2010/01/01 01:47:48 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
    DRV - [2010/01/01 01:47:48 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
    DRV - [2009/10/22 02:28:42 | 005,934,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/09/23 18:05:06 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
    DRV - [2009/09/23 18:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol)
    DRV - [2009/09/23 18:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay)
    DRV - [2009/09/23 18:04:52 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs)
    DRV - [2009/07/28 20:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/08/06 00:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 17:12:06 | 005,854,752 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/01/04 19:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKU\Administrator_ON_C\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\Mom_2_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
    IE - HKU\Mom_2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Mom_ON_C\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    IE - HKU\Mom_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
    IE - HKU\Mom_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========
  15. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Part 2:



    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/30 19:20:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/07/05 20:47:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/07/05 14:47:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/07 00:04:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/07 00:04:39 | 000,000,000 | ---D | M]

    [2009/12/31 23:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/01/01 16:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2e9o4p4.default\extensions
    [2010/01/01 07:55:24 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2e9o4p4.default\searchplugins\aim-search.xml
    [2009/12/31 23:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2001/08/23 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (Internet Explorer Plugin) - {DFC1A8D5-F5A4-453D-BB54-0A886678B9B0} - File not found
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKU\Administrator_ON_C..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKU\Mom_ON_C..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
    O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Mom_2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Mom_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/30 18:04:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/12/29 04:31:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/05 18:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Uniblue
    [2010/07/05 18:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2010/07/05 18:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Registry Patrol
    [2010/07/05 18:21:03 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
    [2010/07/05 18:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Patrol
    [2010/07/05 17:06:33 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
    [2010/07/05 17:06:32 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
    [2010/07/05 17:06:31 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
    [2010/07/05 17:06:30 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
    [2010/07/05 17:06:29 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
    [2010/07/05 17:06:27 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
    [2010/07/05 17:06:26 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
    [2010/07/05 17:06:24 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
    [2010/07/05 17:04:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
    [2010/07/05 15:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2010/07/05 15:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2010/07/05 14:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Symantec
    [2010/07/05 14:47:12 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/07/05 14:47:12 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/07/05 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/07/05 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/07/05 14:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2010/07/05 14:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/07/05 14:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2010/07/05 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
  16. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Part 3:
    -- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2010/07/04 05:04:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
    [2010/07/04 05:04:36 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2010/07/04 05:04:36 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2010/07/04 05:04:36 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2010/07/04 05:04:36 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2010/07/04 05:04:36 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2010/07/04 05:04:35 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2010/07/04 05:04:35 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2010/07/04 05:04:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
    [2010/07/04 05:04:34 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2010/07/04 05:04:34 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2010/07/04 05:04:34 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2010/07/04 05:04:33 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2010/07/04 05:04:33 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2010/07/04 05:04:33 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2010/07/04 05:04:33 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2010/07/04 05:04:32 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2010/07/04 05:04:32 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2010/07/04 05:04:32 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2010/07/04 05:04:25 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
    [2010/07/04 05:04:06 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2010/07/04 05:04:06 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
    [2010/07/04 05:04:06 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
    [2010/07/04 05:04:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
    [2010/07/04 05:04:05 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
    [2010/07/04 05:04:05 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
    [2010/07/04 05:04:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
    [2010/07/04 05:04:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2010/07/04 05:04:04 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
    [2010/07/04 05:04:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2010/07/04 05:04:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2010/07/04 05:04:03 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2010/07/04 05:04:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2010/07/04 05:04:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2010/07/04 05:04:02 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2010/07/04 05:04:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
    [2010/07/04 05:04:01 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
    [2010/07/04 05:04:01 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
    [2010/07/04 05:03:57 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
    [2010/07/04 05:03:56 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
    [2010/07/04 05:03:55 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
    [2010/07/04 05:03:55 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
    [2010/07/04 05:03:55 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
    [2010/07/04 05:03:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
    [2010/07/04 05:03:54 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
    [2010/07/04 05:03:54 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
    [2010/07/04 05:03:54 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
    [2010/07/04 05:03:52 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
    [2010/07/04 05:03:52 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2010/07/04 05:03:51 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2010/07/04 05:03:51 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
    [2010/07/04 05:03:50 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
    [2010/07/04 05:03:50 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
    [2010/07/04 05:03:49 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
    [2010/07/04 05:03:48 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
    [2010/07/04 05:03:48 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2010/07/04 05:03:48 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
    [2010/07/04 05:03:47 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
    [2010/07/04 05:03:47 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
    [2010/07/04 05:03:47 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
    [2010/07/04 05:03:47 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
    [2010/07/04 05:03:46 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
    [2010/07/04 05:03:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
    [2010/07/04 05:03:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
    [2010/07/04 05:03:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
    [2010/07/04 05:03:41 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2010/07/04 05:03:40 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2010/07/04 05:03:40 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2010/07/04 05:03:40 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2010/07/04 05:03:39 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2010/07/04 05:03:39 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2010/07/04 05:03:39 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
    [2010/07/04 05:03:38 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2010/07/04 05:03:38 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
    [2010/07/04 05:03:38 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2010/07/04 05:03:37 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2010/07/04 05:03:37 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
    [2010/07/04 05:03:37 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
    [2010/07/04 05:03:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
    [2010/07/04 05:03:36 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/07/04 05:03:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
    [2010/07/04 05:03:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
    [2010/07/04 05:03:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
    [2010/07/04 05:03:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2010/07/04 05:03:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2010/07/04 05:03:35 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2010/07/04 05:03:35 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
    [2010/07/04 05:03:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
    [2010/07/04 05:03:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
    [2010/07/02 17:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/07/02 06:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    [2010/07/02 06:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
    [2010/07/02 06:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
    [2010/07/01 04:15:18 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
    [2010/06/30 19:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/06/29 20:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/29 20:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/07 13:25:48 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/07/07 01:43:18 | 000,307,200 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/07/07 01:43:18 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/07/07 01:43:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/07 01:42:55 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Mom\ntuser.dat
    [2010/07/07 01:42:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mom\ntuser.ini
    [2010/07/07 01:20:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/07 00:23:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom_2\Local Settings\Application Data\prvlcl.dat
    [2010/07/07 00:23:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\prvlcl.dat
    [2010/07/06 22:49:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/06 22:28:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/06 21:20:19 | 061,697,329 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/06 16:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\nyihntpn.job
    [2010/07/05 23:25:14 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Mom_2\ntuser.dat
    [2010/07/05 23:25:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mom_2\ntuser.ini
    [2010/07/05 18:55:06 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
  17. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Part 4:


    [2010/07/05 18:55:01 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2010/07/05 18:20:58 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Registry Patrol.lnk
    [2010/07/05 17:45:47 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
    [2010/07/05 17:45:47 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
    [2010/07/05 17:45:37 | 000,622,004 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
    [2010/07/05 15:10:15 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
    [2010/07/05 15:09:07 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\ParetoLogic PC Health Advisor.lnk
    [2010/07/05 14:47:11 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/07/05 14:47:11 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/07/05 14:47:11 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/07/05 14:47:11 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/07/05 14:45:07 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Norton Installation Files.lnk
    [2010/07/04 18:33:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/01 21:02:03 | 003,720,738 | -H-- | M] () -- C:\Documents and Settings\Mom_2\Local Settings\Application Data\IconCache.db
    [2010/06/30 19:19:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/30 19:19:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/30 19:19:36 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/30 19:16:08 | 000,599,358 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
    [2010/06/30 19:11:36 | 000,147,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/30 14:38:58 | 000,017,226 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\thanks.docx
    [2010/06/28 01:18:19 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\resumeNEW.doc
    [2010/06/27 06:10:58 | 000,072,262 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\26837_1228712248973_1564081511_1871473_8286546_n.jpg
    [2010/06/27 06:04:49 | 000,055,769 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\n1564081511_1070521_9115.jpg
    [2010/06/27 06:03:54 | 000,054,158 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\6569_1151456397625_1564081511_1655047_1538108_n.jpg
    [2010/06/23 06:02:47 | 000,499,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 06:02:47 | 000,091,320 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/13 22:03:39 | 000,035,888 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.htm
    [2010/06/13 22:01:45 | 000,035,888 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.pdf
    [2010/06/13 07:07:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
    [2010/06/10 05:29:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/05 21:08:01 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    [2010/07/05 18:55:06 | 000,000,212 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
    [2010/07/05 18:55:01 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2010/07/05 18:20:58 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Registry Patrol.lnk
    [2010/07/05 17:45:28 | 000,622,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
    [2010/07/05 17:06:32 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
    [2010/07/05 17:06:32 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
    [2010/07/05 17:06:31 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
    [2010/07/05 17:06:31 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
    [2010/07/05 17:06:30 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
    [2010/07/05 17:06:30 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
    [2010/07/05 17:06:29 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
    [2010/07/05 17:06:29 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
    [2010/07/05 17:06:29 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
    [2010/07/05 17:06:28 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
    [2010/07/05 17:06:27 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
    [2010/07/05 17:06:27 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
    [2010/07/05 17:06:25 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
    [2010/07/05 17:06:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
    [2010/07/05 17:06:24 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
    [2010/07/05 17:06:23 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
    [2010/07/05 17:04:13 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
    [2010/07/05 15:10:15 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
    [2010/07/05 15:08:49 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\ParetoLogic PC Health Advisor.lnk
    [2010/07/05 15:08:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
    [2010/07/05 15:08:03 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
    [2010/07/05 14:47:12 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/07/05 14:47:12 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/07/05 14:45:07 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Norton Installation Files.lnk
    [2010/07/04 05:03:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/07/04 05:03:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/07/04 05:03:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/07/04 05:03:57 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/07/04 05:03:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/07/04 05:03:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/07/04 05:03:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/07/04 05:03:57 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/07/04 05:03:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/07/04 05:03:54 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/06/29 02:43:39 | 000,017,226 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\thanks.docx
    [2010/06/27 06:10:58 | 000,072,262 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\26837_1228712248973_1564081511_1871473_8286546_n.jpg
    [2010/06/27 06:04:49 | 000,055,769 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\n1564081511_1070521_9115.jpg
    [2010/06/27 06:03:53 | 000,054,158 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\6569_1151456397625_1564081511_1655047_1538108_n.jpg
    [2010/06/13 22:03:38 | 000,035,888 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.htm
    [2010/06/13 22:01:45 | 000,035,888 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.pdf
    [2010/05/03 13:57:01 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Mom\ntuser.dat
    [2010/04/27 00:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
    [2010/03/06 04:30:07 | 000,011,988 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\pDSP5YYtnffP
    [2010/03/05 19:45:47 | 000,786,432 | ---- | C] () -- C:\Documents and Settings\Mom_2\ntuser.dat
    [2010/03/03 23:56:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom_2\Local Settings\Application Data\prvlcl.dat
    [2010/01/22 05:57:15 | 000,258,048 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    [2010/01/17 16:36:16 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/01/17 15:52:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/01/16 07:01:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\prvlcl.dat
    [2010/01/05 11:33:48 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mom_2\ntuser.ini
    [2010/01/05 11:33:47 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Mom_2\ntuser.dat.LOG
    [2010/01/05 11:12:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Mom\ntuser.dat.LOG
    [2010/01/05 11:12:01 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mom\ntuser.ini
    [2010/01/02 20:27:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/12/31 22:50:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/12/29 17:21:30 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2009/12/29 17:21:30 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2009/12/29 17:21:20 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2009/12/29 17:21:19 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2009/12/29 17:21:18 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2009/12/29 04:41:53 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2009/12/29 04:41:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2009/12/29 04:41:52 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2009/12/29 04:41:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2009/12/29 04:41:25 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2009/12/29 04:41:25 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2009/12/29 04:34:19 | 000,307,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2009/12/29 04:34:19 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2009/12/29 04:34:19 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2009/12/28 20:22:56 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
    [2009/08/31 17:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
    [2009/08/31 17:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll

    ========== LOP Check ==========

    [2010/07/07 01:42:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SoftGrid Client
    [2010/05/26 03:55:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\{20140062-0062-0409-0000-0000000FF1CE}
    [2010/01/01 07:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
    [2010/01/01 19:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nemetschek
    [2010/01/02 21:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\net.nemetschek.vectorworks.2010.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1
    [2010/04/23 20:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom_2\Application Data\acccore
    [2010/01/15 05:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
    [2010/05/30 18:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Autodesk
    [2010/04/01 15:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Facebook
    [2010/01/20 03:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Nemetschek
    [2010/01/21 02:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\net.nemetschek.vectorworks.2010.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1
    [2010/05/26 03:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\NVD
    [2010/06/30 19:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SoftGrid Client
    [2010/05/26 03:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TP
    [2010/07/05 18:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue
    [2010/06/13 07:07:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
    [2010/07/06 16:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\nyihntpn.job
    [2010/07/05 15:10:15 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
    [2010/07/05 17:45:47 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
    [2010/07/05 17:45:47 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
    [2010/07/05 18:55:06 | 000,000,212 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job

    ========== Purity Check ==========


    < End of report >
  18. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Good, let me go through it...
  19. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    ok thanks.
  20. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You're running two AV programs, so as soon as we make your computer stable (if successful), you need to remove one of them.
    If AVG goes, use AVG Remover: http://www.avg.com/us-en/download-tools
    If Norton goes, use Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    ==================================================================

    While I'm reviewing your OTL log....
    Attached is zipped shdocvw.dll file.
    Unzip it and put shdocvw.dll onto USB memory stick (flash drive).
    Boot from OTLPE CD again and transfer shdocvw.dll file from your flash drive to C:\WINDOWS\System32 folder.
    Let me know when you're done.
  21. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    I'm having a bit of trouble finding that folder. I'm in C:\Windows...but nothing labeled system32.
  22. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    NEVERMIND! Found it. Sorry I seem so inept, I'm just really stressed about this whole thing. Thanks so much for helping me out thus far.
  23. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You're very welcome :)

    When you're done....

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O2 - BHO: (Internet Explorer Plugin) - {DFC1A8D5-F5A4-453D-BB54-0A886678B9B0} - File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab  (Reg Error: Key error.)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    [2010/07/07 00:23:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom_2\Local Settings\Application Data\prvlcl.dat
    [2010/07/07 00:23:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\prvlcl.dat
    [2010/07/06 16:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\nyihntpn.job
    [2010/03/03 23:56:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom_2\Local Settings\Application Data\prvlcl.dat
    [2010/01/16 07:01:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\prvlcl.dat
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into windows and let me know how it goes.
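    The entries the fix script above removes share a few traits a helper learns to spot in an OTL log: a scheduled task with a random-looking name and no company name (nyihntpn.job), zero-byte or hidden+system files with random names sitting directly in a user's Local Settings\Application Data, and an AutoRun command registered for a removable drive (the O33 lines). As an added example, not OTL's code or anything posted in this thread, here is a small Python parser for OTL-style file lines and O33 lines with those triage heuristics applied. The sample lines are copied from the log posted above with one signed Symantec driver added as a control; the `looks_random` heuristic and the rule thresholds are my own assumptions, not OTL's rules, and a flagged entry is a lead for a reviewer, not a verdict.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines in the shape OTL prints in the log above, plus one
# O33 AutoRun line and one legitimately signed driver that must NOT be flagged.
SAMPLE_LOG = r"""
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
[2010/07/06 16:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\nyihntpn.job
[2010/07/05 18:55:06 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010/07/07 00:23:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\prvlcl.dat
[2010/04/27 00:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
[2010/07/02 06:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/07/05 14:47:12 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
"""

# [timestamp | size | attrs | C/M] (Company) -- path   (the "(Company)" part is
# absent for directories and printed as "()" when no company name is present)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O33 AutoRun command registered for a mounted drive letter
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<drive>\w)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)


@dataclass
class Entry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    company: Optional[str]  # None when OTL printed "()" or nothing at all
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    path: str
    reason: str


def parse_file_line(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; return None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        is_dir="D" in attrs,
        company=m.group("company") or None,
        path=m.group("path"),
    )


def looks_random(stem: str) -> bool:
    """Assumed heuristic: alphanumeric token that is vowel-poor, or mixes digits with both letter cases."""
    if len(stem) < 6 or not stem.isalnum():
        return False
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in "aeiouAEIOU" for c in letters) / len(letters)
    mixed = (any(c.isdigit() for c in stem) and any(c.islower() for c in stem)
             and any(c.isupper() for c in stem))
    return vowel_ratio < 0.25 or mixed


def triage(log_text: str) -> List[Finding]:
    """Run the three heuristics over every line and collect what they flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o33 = O33_RE.match(line)
        if o33:  # removable-drive AutoRun: flag regardless of whether the target still exists
            findings.append(Finding(line, f"AutoRun command for drive {o33.group('drive')}: {o33.group('cmd')}"))
            continue
        e = parse_file_line(line)
        if e is None or e.is_dir or e.company is not None:
            continue  # only unsigned/no-company files are of interest here
        lower = e.path.lower()
        parent = lower.rsplit("\\", 1)[0]
        stem = e.name.rsplit(".", 1)[0]
        if parent.endswith("\\tasks") and lower.endswith(".job") and looks_random(stem):
            findings.append(Finding(e.path, "random-named scheduled task with no company name"))
        elif parent.endswith("\\local settings\\application data") and looks_random(stem):
            why = "random-named file directly in user AppData"
            if e.hidden and e.system:
                why += " (hidden+system)"
            if e.size == 0:
                why += " (zero bytes)"
            findings.append(Finding(e.path, why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

    Run on the sample, this flags the O33 AutoRun line, nyihntpn.job, prvlcl.dat and 6yB3PQs2, and leaves RegistryBooster.job, the Mozilla folder and SYMEVENT.SYS alone; the same regexes will parse the "Files Created - No Company Name" and "LOP Check" sections of a real OTL report unchanged.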
  24. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    I can't click on your attachments.
  25. Broni

    Broni Malware Annihilator Posts: 46,182   +251
