
Virus is causing a SHDOCWV error?

Discussion in 'Virus and Malware Removal' started by djackson84, Jul 4, 2010.

  1. djackson84 Newcomer, in training Posts: 87

    part 4


    [2010/07/05 12:10:15 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
    [2010/07/05 12:08:49 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\ParetoLogic PC Health Advisor.lnk
    [2010/07/05 12:08:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
    [2010/07/05 12:08:03 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
    [2010/07/05 11:47:12 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/07/05 11:47:12 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/07/05 11:47:01 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2010/07/05 11:45:07 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Norton Installation Files.lnk
    [2010/07/04 02:03:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/07/04 02:03:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/07/04 02:03:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/07/04 02:03:57 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/07/04 02:03:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/07/04 02:03:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/07/04 02:03:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/07/04 02:03:57 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/07/04 02:03:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/07/04 02:03:54 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/06/30 16:15:26 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2010/06/30 16:15:26 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/06/28 23:43:39 | 000,016,108 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\thanks.docx
    [2010/06/27 03:10:58 | 000,072,262 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\26837_1228712248973_1564081511_1871473_8286546_n.jpg
    [2010/06/27 03:04:49 | 000,055,769 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\n1564081511_1070521_9115.jpg
    [2010/06/27 03:03:53 | 000,054,158 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\6569_1151456397625_1564081511_1655047_1538108_n.jpg
    [2010/06/13 19:03:38 | 000,035,888 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.htm
    [2010/06/13 19:01:45 | 000,035,888 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\TicketTrans.pdf
    [2010/06/04 19:07:11 | 000,991,232 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\final3DSmaxNEW.max
    [2010/05/30 15:52:52 | 000,770,048 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\final3DSmax.max
    [2010/05/30 15:30:50 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
    [2010/05/26 03:07:49 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\epicsNEW.lnk
    [2010/05/26 00:59:12 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\epicsNEW.doc
    [2010/05/19 02:46:54 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/17 02:01:37 | 000,004,388 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Piano.rtf
    [2010/05/16 11:53:20 | 003,235,667 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\APMonthlyPaymentsContract.pdf
    [2010/05/16 01:28:11 | 000,022,872 | ---- | C] () -- C:\WINDOWS\System32\gawv
    [2010/05/12 10:05:18 | 000,004,694 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Heidi.rtf
    [2010/05/10 01:46:08 | 000,005,521 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\raisin.rtf
    [2010/05/03 10:57:01 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Mom\ntuser.dat
    [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
    [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6yB3PQs2
  2. djackson84 Newcomer, in training Posts: 87

    [2010/01/17 13:36:16 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/01/17 12:52:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/01/02 17:27:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/12/31 19:50:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/12/29 14:21:30 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2009/12/29 14:21:30 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2009/12/29 14:21:20 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2009/12/29 14:21:19 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2009/12/29 14:21:18 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
    [2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll

    ========== LOP Check ==========

    [2010/01/01 04:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/01/01 04:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    [2010/05/30 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/07/11 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/07/05 12:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/05/26 03:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
    [2009/12/31 23:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/01/15 02:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
    [2010/05/30 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Autodesk
    [2010/04/01 12:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Facebook
    [2010/01/20 00:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Nemetschek
    [2010/01/20 23:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\net.nemetschek.vectorworks.2010.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1
    [2010/05/26 00:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\NVD
    [2010/07/11 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SoftGrid Client
    [2010/05/26 00:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TP
    [2010/07/05 15:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue
    [2010/07/05 12:10:15 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
    [2010/07/05 14:45:47 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
    [2010/07/05 14:45:47 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

    ========== Purity Check ==========


    < End of report >
  3. djackson84 Newcomer, in training Posts: 87

    Extras.txt

    OTL Extras logfile created on: 7/11/2010 7:55:46 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Mom\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 201.79 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DJACKSON1984
    Current User Name: Mom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" File not found
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" File not found
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\freecell.exe" = C:\WINDOWS\system32\freecell.exe:*:Enabled:FreeCell -- (Microsoft Corporation)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- ()
    "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- (mental images GmbH)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
    "{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
    "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B9EF9C0B-0428-1743-BF3A-9CC890CA5C91}" = Vectorworks 2010 Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM Search" = AIM Search
    "AIM Toolbar" = AIM Toolbar
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "N360" = Norton 360
    "net.nemetschek.vectorworks.2010.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1" = Vectorworks 2010 Help
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
    "Registry Patrol" = Registry Patrol
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 8:05:21 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/11/2010 8:46:24 PM | Computer Name = DJACKSON1984 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a52e8.

    Error - 7/11/2010 9:06:55 PM | Computer Name = DJACKSON1984 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a52e8.

    Error - 7/11/2010 9:51:53 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/11/2010 9:51:53 PM | Computer Name = DJACKSON1984 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 7/11/2010 7:57:59 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 7/11/2010 8:27:46 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/11/2010 8:27:46 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/11/2010 8:34:08 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/11/2010 8:34:08 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/11/2010 8:47:31 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 7/11/2010 8:54:22 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/11/2010 8:54:22 PM | Computer Name = DJACKSON1984 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/11/2010 9:18:19 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
    service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/11/2010 9:21:19 PM | Computer Name = DJACKSON1984 | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
    service terminated unexpectedly. It has done this 1 time(s).


    < End of report >
  4. Broni Malware Annihilator Posts: 39,398   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
      [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
      [2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6yB3PQs2 
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" =-
      "AntiVirusOverride" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
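The OTL listings in posts 1 to 3 and the fix script in post 4 together show what a reviewer looks for in such a report: hidden+system files with random-looking names under Application Data (the two `6yB3PQs2` entries), an extensionless file in System32 (`gawv`), `AntiVirusOverride = 1` in the Security Center key, and `EnableFirewall = 0` on the firewall profiles. The following Python script is an added example, not OTL's or the forum's own code: it parses lines in the shape OTL prints above and emits the findings a helper would turn into a fix. The sample lines are constructed in that shape for the demonstration; the regular expressions assume the `[date | size | attrs | C] () -- path` and `"name" = value` layouts shown in the posts and nothing else.

```python
"""Triage helper for OTL log excerpts (added example, not OTL's own code)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the OTL report above (not the full log).
SAMPLE_OTL = r"""
[2010/07/05 12:10:15 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/05/16 01:28:11 | 000,022,872 | ---- | C] () -- C:\WINDOWS\System32\gawv
[2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2
[2010/04/26 21:19:20 | 000,012,746 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6yB3PQs2
[2010/01/01 04:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

# OTL file/folder line: [timestamp | size | attrs | C-or-M] (company) -- path
# The "(company)" group is absent on the LOP-check lines, so it is optional.
FILE_LINE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| '
    r'(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] '
    r'(?:\([^)]*\) )?-- (?P<path>.+?)\s*$'
)
REG_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+?)\s*$')


@dataclass
class Finding:
    kind: str      # "file" or "registry"
    subject: str   # path or key\value
    reason: str


def parse_file_line(line):
    """Return a dict for an OTL file/folder line, or None if it is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return {
        'ts': m.group('ts'),
        'size': int(m.group('size').replace(',', '')),
        'attrs': m.group('attrs'),   # e.g. "-HS-": hidden + system
        'path': m.group('path'),
    }


def file_findings(entry):
    """Heuristics for one file entry; directories are skipped."""
    attrs, path = entry['attrs'], entry['path']
    name = path.rsplit('\\', 1)[-1]
    out = []
    if 'D' in attrs:
        return out
    if 'H' in attrs and 'S' in attrs and '\\Application Data\\' in path:
        out.append(Finding('file', path, 'hidden+system file under Application Data'))
    if '.' not in name and '\\System32\\' in path:
        out.append(Finding('file', path, 'extensionless file in System32'))
    return out


def registry_findings(lines):
    """Flag Security Center overrides and disabled firewall profiles."""
    key, out = None, []
    for raw in lines:
        line = raw.strip()
        km = REG_KEY.match(line)
        if km:
            key = km.group('key')
            continue
        vm = REG_VALUE.match(line)
        if not (vm and key):
            continue
        name, value = vm.group('name'), vm.group('value')
        # AntiVirusOverride/FirewallOverride = 1 tell Security Center to stop
        # reporting a missing or disabled antivirus/firewall.
        if key.endswith('\\Security Center') and value == '1' \
                and name in ('AntiVirusOverride', 'FirewallOverride'):
            out.append(Finding('registry', key + '\\' + name,
                               name + '=1 silences Security Center monitoring'))
        # EnableFirewall = 0 on a FirewallPolicy profile disables Windows Firewall there.
        if key.endswith('Profile') and name == 'EnableFirewall' and value == '0':
            profile = key.rsplit('\\', 1)[-1]
            out.append(Finding('registry', key + '\\' + name,
                               'Windows Firewall disabled for ' + profile))
    return out


def triage(text):
    """Run both passes over an OTL excerpt and return all findings."""
    lines = text.splitlines()
    findings = []
    for line in lines:
        entry = parse_file_line(line)
        if entry:
            findings.extend(file_findings(entry))
    findings.extend(registry_findings(lines))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:8} {f.reason}: {f.subject}")
```

Run against the sample it reports the two `6yB3PQs2` files, `gawv`, the `AntiVirusOverride` value and the disabled StandardProfile firewall, which is exactly the set the fix script in the post above removes or resets (apart from `FirstRunDisabled`, which is a benign first-run flag and so is not flagged here). The heuristics are deliberately narrow; a real review still reads the whole listing.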
  5. djackson84 Newcomer, in training Posts: 87

    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    C:\Documents and Settings\Mom\Local Settings\Application Data\6yB3PQs2 moved successfully.
    C:\Documents and Settings\All Users\Application Data\6yB3PQs2 moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 0 bytes

    User: Mom
    ->Temp folder emptied: 696408 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 37348619 bytes
    ->Flash cache emptied: 22213 bytes

    User: Mom_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49635 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 36.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mom
    ->Flash cache emptied: 0 bytes

    User: Mom_2
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07112010_201812

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_664.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat not found!

    Registry entries deleted on Reboot...
  6. Broni Malware Annihilator Posts: 39,398   +177

    Very good :)
    We're almost there...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  7. djackson84 Newcomer, in training Posts: 87

    Two problems: I'm getting a warning that the site has an expired code, and two, Java says that its connection is interrupted and the program can't run.
  8. Broni Malware Annihilator Posts: 39,398   +177

    Both problems regarding Kaspersky?
    Did you run TFC yet?
  9. djackson84 Newcomer, in training Posts: 87

    I ran TFC and restarted. Kaspersky is the problem
  10. djackson84 Newcomer, in training Posts: 87

    Tried again. I still got the first warning, but it's running now.
  11. Broni Malware Annihilator Posts: 39,398   +177

    OK :)
    If for any reason, it refuses to cooperate....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. djackson84 Newcomer, in training Posts: 87

    So while I'm waiting for that to download, would you mind telling a bit about what happened to my computer?
  13. Broni Malware Annihilator Posts: 39,398   +177

    Well, not much to say. Your computer was just seriously infected with some trojans, one rootkit, one system file was missing, etc......
  14. djackson84 Newcomer, in training Posts: 87

    Oh ok...I think I'm gonna try ESET scanner. This one is slowing everything down majorly, and it looks like it'll be another hour before it finishes loading, seeing as it's starting to go backwards in its progression percentage. Would that be alright or should I wait it out?
  15. Broni Malware Annihilator Posts: 39,398   +177

    Kaspersky takes time. It may even run overnight.
    I'd prefer you leave it running.
    Your computer should be 99% clean, so you don't have to worry much.
  16. djackson84 Newcomer, in training Posts: 87

    Ok. got it. You've gotten me this far. :)
  17. Broni Malware Annihilator Posts: 39,398   +177

    Cool :)
    If not tonight, I'll check on you tomorrow after work :)
  18. djackson84 Newcomer, in training Posts: 87

    Ok. Thanks so much. You've been absolutely great to do this for me. My only concern was leaving Norton off so long, but after what we just did it should be fine. You're right. Thanks again.
  19. Broni Malware Annihilator Posts: 39,398   +177

    You're very welcome
  20. djackson84 Newcomer, in training Posts: 87

    So I'm having a new little issue. Don't know if it's a setting problem perhaps. I can't click on links that are photos. Nothing happens. Also, I can't get a right click menu to come up either. Say I'm going to copy or paste something. After several tries and computer freezes I'm going to go with ESET, but I can't click on the icon to download that either. It's also affecting the drop down menu in the search bar. Nothing is suggested until more than one word is typed in. It used to be only 1. I know these are small changes, but could they be indicative of something else?