Virus is causing a SHDOCWV error?

Solved
By djackson84
Jul 4, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Cool :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  2. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Ok...here's the log.

    Attached Files:

    • log.txt
      File size:
      20.4 KB
      Views:
      1
  3. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file should be created on your C: drive called TDSSKiller.txt please copy and paste the contents of that file here.
  4. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    9:04:19:656 3800 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    19:04:19:656 3800 ================================================================================
    19:04:19:656 3800 SystemInfo:

    19:04:19:656 3800 OS Version: 5.1.2600 ServicePack: 3.0
    19:04:19:656 3800 Product type: Workstation
    19:04:19:656 3800 ComputerName: DJACKSON1984
    19:04:19:656 3800 UserName: Mom
    19:04:19:656 3800 Windows directory: C:\WINDOWS
    19:04:19:656 3800 System windows directory: C:\WINDOWS
    19:04:19:656 3800 Processor architecture: Intel x86
    19:04:19:656 3800 Number of processors: 2
    19:04:19:656 3800 Page size: 0x1000
    19:04:19:656 3800 Boot type: Normal boot
    19:04:19:656 3800 ================================================================================
    19:04:20:750 3800 Initialize success
    19:04:20:750 3800
    19:04:20:750 3800 Scanning Services ...
    19:04:21:296 3800 Raw services enum returned 336 services
    19:04:21:312 3800
    19:04:21:312 3800 Scanning Drivers ...
    19:04:22:296 3800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:04:22:437 3800 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:04:22:750 3800 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:04:22:812 3800 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    19:04:22:953 3800 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    19:04:23:125 3800 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:04:23:187 3800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:04:23:218 3800 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:04:23:265 3800 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:04:23:421 3800 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:04:23:625 3800 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys
    19:04:23:843 3800 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:04:23:953 3800 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
    19:04:24:109 3800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:04:24:171 3800 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:04:24:250 3800 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:04:24:359 3800 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:04:24:437 3800 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:04:24:500 3800 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:04:24:593 3800 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:04:24:671 3800 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:04:24:703 3800 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:04:24:812 3800 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    19:04:24:843 3800 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    19:04:24:937 3800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:04:25:000 3800 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    19:04:25:015 3800 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:04:25:031 3800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    19:04:25:078 3800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:04:25:187 3800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:04:25:265 3800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:04:25:343 3800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:04:25:406 3800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:04:25:562 3800 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:04:25:640 3800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:04:25:718 3800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:04:25:781 3800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:04:26:078 3800 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    19:04:26:343 3800 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100709.001\IDSxpx86.sys
    19:04:26:484 3800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:04:26:703 3800 IntcAzAudAddService (988a112c4061f309ce9c1abfc971d001) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:04:26:921 3800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:04:26:968 3800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:04:27:015 3800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:04:27:140 3800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:04:27:171 3800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:04:27:234 3800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:04:27:281 3800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:04:27:312 3800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:04:27:437 3800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:04:27:500 3800 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
    19:04:27:531 3800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:04:27:593 3800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:04:27:937 3800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:04:28:156 3800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:04:28:406 3800 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    19:04:28:859 3800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:04:28:968 3800 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:04:29:031 3800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:04:29:046 3800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:04:29:062 3800 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:04:29:062 3800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:04:29:218 3800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:04:29:218 3800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:04:29:234 3800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:04:29:281 3800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:04:29:281 3800 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    19:04:29:468 3800 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100711.002\NAVENG.SYS
    19:04:29:562 3800 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100711.002\NAVEX15.SYS
    19:04:29:750 3800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:04:29:812 3800 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:04:29:859 3800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:04:29:875 3800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:04:29:890 3800 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:04:29:937 3800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:04:30:062 3800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:04:30:109 3800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:04:30:156 3800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:04:30:203 3800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:04:30:296 3800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:04:30:343 3800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:04:30:375 3800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    19:04:30:390 3800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:04:30:437 3800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:04:30:578 3800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:04:30:609 3800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:04:30:625 3800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:04:30:703 3800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:04:30:734 3800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:04:30:843 3800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:04:30:890 3800 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    19:04:30:968 3800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:04:30:984 3800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:04:30:984 3800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:04:31:000 3800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:04:31:000 3800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:04:31:031 3800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:04:31:203 3800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:04:31:234 3800 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:04:31:296 3800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:04:31:328 3800 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    19:04:31:484 3800 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    19:04:31:546 3800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:04:31:578 3800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:04:31:609 3800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    19:04:31:734 3800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:04:31:890 3800 sftfs (21fd68e11d15ac0c4b3a0846e39be565) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys
    19:04:31:953 3800 sftplay (38fd811e7f58250916548031bd9308d0) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys
    19:04:32:062 3800 Sftredir (1f13f3c7907588d017299b008eeed06c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
    19:04:32:203 3800 sftvol (634274439e8701799f6fce42933cdb06) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys
    19:04:32:296 3800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:04:32:328 3800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:04:32:484 3800 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS
    19:04:32:531 3800 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS
    19:04:32:687 3800 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:04:32:765 3800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:04:32:828 3800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:04:32:890 3800 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS
    19:04:33:031 3800 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS
    19:04:33:109 3800 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    19:04:33:187 3800 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS
    19:04:33:359 3800 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
    19:04:33:437 3800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:04:33:500 3800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:04:33:656 3800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:04:33:703 3800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:04:33:734 3800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:04:33:796 3800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:04:33:859 3800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:04:33:890 3800 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    19:04:34:046 3800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:04:34:125 3800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:04:34:156 3800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:04:34:156 3800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:04:34:187 3800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:04:34:218 3800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:04:34:343 3800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:04:34:406 3800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:04:34:437 3800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:04:34:484 3800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:04:34:484 3800
    19:04:34:484 3800 Completed
    19:04:34:484 3800
    19:04:34:484 3800 Results:
    19:04:34:484 3800 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    19:04:34:484 3800 File objects infected / cured / cured on reboot: 0 / 0 / 0
    19:04:34:484 3800
    19:04:34:625 3800 KLMD(ARK) unloaded successfully
  5. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Very good :)
    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    I don't see any noticeable problems right now!!! I'll do these last steps though. You're awesome.
  7. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Thank you :)
  8. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    here's pt 1.

    OTL logfile created on: 7/11/2010 7:55:46 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Mom\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 201.79 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DJACKSON1984
    Current User Name: Mom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/11 19:54:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\My Documents\Downloads\OTL.exe
    PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
    PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
    PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/11 23:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2006/07/25 03:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
  9. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    part 2


    ========== Modules (SafeList) ==========

    MOD - [2010/07/11 19:54:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\My Documents\Downloads\OTL.exe
    MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
    MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/30 16:21:35 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
    SRV - [2010/05/30 15:31:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
    SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
    SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/10 00:26:07 | 006,088,296 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/07/05 11:47:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/07/05 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100711.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/05 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/05 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/07/05 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100711.002\NAVENG.SYS -- (NAVENG)
  10. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    part 3

    DRV - [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/05/28 12:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100709.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/09/23 15:05:06 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
    DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol)
    DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay)
    DRV - [2009/09/23 15:04:52 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs)
    DRV - [2009/07/28 17:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 14:12:06 | 005,854,752 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

    IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s


    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/07/05 17:47:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/07/05 11:47:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 21:04:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 21:04:39 | 000,000,000 | ---D | M]

    [2010/01/05 08:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
    [2010/07/11 00:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\nokaurrz.default\extensions
    [2010/07/02 14:05:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\nokaurrz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2010/07/02 14:08:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\nokaurrz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/04/10 15:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\nokaurrz.default\extensions\info@djzig.com
    [2009/12/31 20:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/07/11 18:26:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/30 15:04:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/12/29 01:31:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  11. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    part 4


    [2010/07/05 12:10:15 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
    [2010/07/05 12:08:49 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\ParetoLogic PC Health Advisor.lnk
    [2010/07/05 12:08:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
    [2010/07/05 12:08:03 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
    [2010/07/05 11:47:12 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/07/05 11:47:12 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/07/05 11:47:01 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2010/07/05 11:45:07 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Norton Installation Files.lnk
    [2010/07/04 02:03:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/07/04 02:03:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/07/04 02:03:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/07/04 02:03:57 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/07/04 02:03:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/07/04 02:03:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/07/04 02:03:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/07/04 02:03:57 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/07/04 02:03:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/07/04 02:03:54 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/06/30 16:15:26 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2010/06/30 16:15:26 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/06/28 23:43:39 | 000,016,108 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\thanks.docx
    [2010/06/27 03:10:58 | 000,072,262 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\26837_1228712248973_1564081511_1871473_8286546_n.jpg
    [2010/06/27 03:04:49 | 000,055,769 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\n1564081511_1070521_9115.jpg
    [2010/06/27 03:03:53 | 000,054,158 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\6569_1151456397625_1564081511_1655047_1538108_n.jpg
    [2010/06/13 19:03:38 | 000,035,888 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.htm
    [2010/06/13 19:01:45 | 000,035,888 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.pdf
    [2010/06/04 19:07:11 | 000,991,232 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\final3DSmaxNEW.max
    [2010/05/30 15:52:52 | 000,770,048 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\final3DSmax.max
    [2010/05/30 15:30:50 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
    [2010/05/26 03:07:49 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\epicsNEW.lnk
    [2010/05/26 00:59:12 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\epicsNEW.doc
    [2010/05/19 02:46:54 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/17 02:01:37 | 000,004,388 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Piano.rtf
    [2010/05/16 11:53:20 | 003,235,667 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\APMonthlyPaymentsContract.pdf
    [2010/05/16 01:28:11 | 000,022,872 | ---- | C] () -- C:\WINDOWS\System32\gawv
    [2010/05/12 10:05:18 | 000,004,694 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Heidi.rtf
    [2010/05/10 01:46:08 | 000,005,521 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\raisin.rtf
    [2010/05/03 10:57:01 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Mom\ntuser.dat
    [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
    [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6yB3PQs2
     
  12. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    [2010/01/17 13:36:16 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/01/17 12:52:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/01/02 17:27:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/12/31 19:50:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/12/29 14:21:30 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2009/12/29 14:21:30 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2009/12/29 14:21:20 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2009/12/29 14:21:19 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2009/12/29 14:21:18 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
    [2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll

    ========== LOP Check ==========

    [2010/01/01 04:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/01/01 04:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    [2010/05/30 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/07/11 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/07/05 12:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/05/26 03:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
    [2009/12/31 23:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/01/15 02:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
    [2010/05/30 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Autodesk
    [2010/04/01 12:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Facebook
    [2010/01/20 00:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Nemetschek
    [2010/01/20 23:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\net.nemetschek.vectorworks.2010.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1
    [2010/05/26 00:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\NVD
    [2010/07/11 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SoftGrid Client
    [2010/05/26 00:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TP
    [2010/07/05 15:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue
    [2010/07/05 12:10:15 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
    [2010/07/05 14:45:47 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
    [2010/07/05 14:45:47 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

    ========== Purity Check ==========


    < End of report >
  13. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Extra. txt

    OTL Extras logfile created on: 7/11/2010 7:55:46 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Mom\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 201.79 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DJACKSON1984
    Current User Name: Mom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" File not found
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" File not found
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\freecell.exe" = C:\WINDOWS\system32\freecell.exe:*:Enabled:FreeCell -- (Microsoft Corporation)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- ()
    "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- (mental images GmbH)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
    "{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
    "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B9EF9C0B-0428-1743-BF3A-9CC890CA5C91}" = Vectorworks 2010 Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM Search" = AIM Search
    "AIM Toolbar" = AIM Toolbar
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "N360" = Norton 360
    "net.nemetschek.vectorworks.2010.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1" = Vectorworks 2010 Help
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
    "Registry Patrol" = Registry Patrol
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/11/2010 8:46:24 PM | Computer Name = DJACKSON1984 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a52e8.

    Error - 7/11/2010 9:06:55 PM | Computer Name = DJACKSON1984 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a52e8.

    Error - 7/11/2010 9:51:53 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 9:51:53 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 7/11/2010 7:57:59 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 7/11/2010 8:27:46 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/11/2010 8:27:46 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/11/2010 8:34:08 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/11/2010 8:34:08 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/11/2010 8:47:31 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 7/11/2010 8:54:22 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/11/2010 8:54:22 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/11/2010 9:18:19 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
    service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/11/2010 9:21:19 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
    service terminated unexpectedly. It has done this 1 time(s).


    < End of report >
  14. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
      [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
      [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6yB3PQs2 
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" =-
      "AntiVirusOverride" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  15. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2 moved successfully.
    C:\Documents and Settings\All Users\Application Data\6yB3PQs2 moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 0 bytes

    User: Mom
    ->Temp folder emptied: 696408 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 37348619 bytes
    ->Flash cache emptied: 22213 bytes

    User: Mom_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49635 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 36.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mom
    ->Flash cache emptied: 0 bytes

    User: Mom_2
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07112010_201812

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_664.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat not found!

    Registry entries deleted on Reboot...
  16. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Very good :)
    We're almost there...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  17. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Two problems: I'm getting a warning that the site has an expired code,

    and two, java says that its connection is interrupted and the program can't run.
  18. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Both problems regarding Kaspersky?
    Did you run TFC yet?
  19. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    I ran TFC and restarted. Kaspersky is the problem
  20. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Tried again. I still got the first warning, but it's running now.
  21. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    OK :)
    If for any reason, it refuses to cooperate....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  22. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    so while I'm waiting for that to download, would you mind telling a bit about what happened to my computer?
  23. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Well, not much to say. Your computer was just seriously infected with some trojans, one rootkit, one system file was missing, etc......
  24. djackson84

    djackson84 Newcomer, in training Topic Starter Posts: 87

    Oh ok...I think I'm gonna try ESET scanner. This one is slowing everything down majorly, and it looks like it'll be another hour before it finishes loading, seeing as it's starting going backwards in its progression percentage. Would that be alright or should I wait it out?
  25. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Kaspersky takes time. It may even run overnight.
    I'd prefer, you leave it running.
    Your computer should be 99% clean, so you don't have to worry much.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.