"Fatal system error" Antimalware Doctor. on Fri Sep 03, 2010 11:13 pm
Hi,
I have a crazy virus called anti "malware doctor". So I ran AVG Free to try to get rid of it. But when it said to restart my computer, it wouldn't restart so I just unplugged it.
When I turned it back on, it has a blue screen and says:
STOP: c000021a {Fatal System Error}
The windows logon process system process terminated unexpectedly with a st
f 0xc0000034 (0x00000000 0x00000000).
The system has been shut down.
I even pressed F8 on boot up and started in safe mode, but it goes to the same thing.
I have Windows XP.
I tried to restart using last known working configuration.
Tried to use a recovery CD. Wouldn't work correctly.
I finally made a CD using REATOGO Windows Recovery Environment. Ran a scan
and this is what I got. Any help would be appreciated.
OTL logfile created on: 9/2/2010 11:40:00 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 297.00 Mb Available Physical Memory | 58.00% Memory free
458.00 Mb Paging File | 328.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.12 Gb Total Space | 0.93 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/25 23:52:05 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2010/07/16 09:05:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/07/16 09:05:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 09:03:50 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 10:42:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/01/26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2004/05/16 20:46:15 | 000,347,648 | R--- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2003/06/30 20:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/07 17:34:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 10:05:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 19:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 19:59:22 | 000,000,000 | ---D | M]
[2010/08/25 12:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 08:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (brumaqpyxgrm Object) - {CFB67527-F3D8-484F-8016-971B3FCF76AF} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll ()
O2 - BHO: (796525 Class) - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\System32\796525\796525.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL File not found
O4 - HKLM..\Run: [fuqnjkru] C:\Documents and Settings\Owner\Local Settings\Application Data\jjgejenub\fnsrealshdw.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [wenramxsoc.tmp] C:\Documents and Settings\Owner\Local Settings\Temp\wenramxsoc.tmp ()
O4 - HKU\Owner_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\Owner_ON_C..\Run: [fuqnjkru] C:\Documents and Settings\Owner\Local Settings\Application Data\jjgejenub\fnsrealshdw.exe ()
O4 - HKU\Owner_ON_C..\Run: [newsecureapp70700.exe] C:\Documents and Settings\Owner\Application Data\BC41313B30793314D1EF04DD8E21A4FB\newsecureapp70700.exe (MS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234751630545 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/27 21:28:53 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/08/25 22:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/08/25 21:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/25 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/25 21:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\jjgejenub
[2010/08/25 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server
[2010/08/25 21:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BC41313B30793314D1EF04DD8E21A4FB
[2010/08/22 22:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\32bit_Version
[2010/08/22 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\64bit_Version
[2010/08/22 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\stephenhawkins
[2010/08/22 22:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bonuses
[2009/02/15 22:03:34 | 000,347,648 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/02 23:38:22 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/02 23:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:52:05 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/08/25 23:28:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 22:28:05 | 063,880,571 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/25 21:08:27 | 000,001,175 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/25 21:08:26 | 000,001,197 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Antimalware Doctor.lnk
[2010/08/25 21:08:06 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 15:26:27 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System\myvideos.dll
[2010/08/25 08:12:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2010/08/25 08:03:17 | 000,309,203 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ATT.NET - Email, News,.url
[2010/08/24 21:47:47 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/24 21:43:57 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to vacation 2010 016.lnk
[2010/08/23 21:35:45 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kaitlyn Nicole Henderson- SCHEDULE.doc
[2010/08/22 23:05:13 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/22 23:05:13 | 000,434,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/22 23:05:13 | 000,068,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/22 22:59:22 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SEOLDFASTINDEX.REG
[2010/08/22 21:19:56 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
[2010/08/20 20:18:32 | 000,053,029 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bag Receipt.mht
[2010/08/16 07:08:29 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/08/16 07:08:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/15 04:36:50 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/15 04:18:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/25 23:52:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/08/25 21:08:27 | 000,001,175 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/25 21:08:25 | 000,001,197 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Antimalware Doctor.lnk
[2010/08/25 21:08:05 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/24 21:43:57 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to vacation 2010 016.lnk
[2010/08/23 21:35:44 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kaitlyn Nicole Henderson- SCHEDULE.doc
[2010/08/22 22:59:20 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SEOLDFASTINDEX.REG
[2010/08/22 22:22:55 | 000,348,665 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SEOLD Quick Indexer Guide.pdf
[2010/08/20 20:18:31 | 000,053,029 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bag Receipt.mht
[2010/07/24 00:06:40 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/07/24 00:06:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/01 18:58:58 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2009/06/08 18:38:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/27 21:40:00 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 19:56:35 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/02/15 19:56:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2009/02/15 19:56:32 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/02/15 19:56:23 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/02/15 19:56:22 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/02/15 19:56:22 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/02/15 19:56:21 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/02/15 19:56:21 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/02/15 19:56:20 | 000,229,376 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2003/07/16 16:31:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
========== LOP Check ==========
[2010/03/09 22:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/08/25 21:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BC41313B30793314D1EF04DD8E21A4FB
[2009/02/28 00:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/19 16:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2009/09/20 13:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2010/08/08 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\playitall
[2010/07/20 17:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/08/25 22:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/04/21 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ubot
[2010/04/10 12:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViralSubmitter
========== Purity Check ==========
< End of report >
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/08/25 22:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/08/25 21:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/25 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/25 21:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\jjgejenub
[2010/08/25 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server
[2010/08/25 21:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BC41313B30793314D1EF04DD8E21A4FB
[2010/08/22 22:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\32bit_Version
[2010/08/22 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\64bit_Version
[2010/08/22 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\stephenhawkins
[2010/08/22 22:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bonuses
[2009/02/15 22:03:34 | 000,347,648 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/02 23:38:22 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/02 23:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:52:05 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/08/25 23:28:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 22:28:05 | 063,880,571 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/25 21:08:27 | 000,001,175 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/25 21:08:26 | 000,001,197 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Antimalware Doctor.lnk
[2010/08/25 21:08:06 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 15:26:27 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System\myvideos.dll
[2010/08/25 08:12:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2010/08/25 08:03:17 | 000,309,203 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ATT.NET - Email, News,.url
[2010/08/24 21:47:47 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/24 21:43:57 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to vacation 2010 016.lnk
[2010/08/23 21:35:45 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kaitlyn Nicole Henderson- SCHEDULE.doc
[2010/08/22 23:05:13 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/22 23:05:13 | 000,434,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/22 23:05:13 | 000,068,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/22 22:59:22 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SEOLDFASTINDEX.REG
[2010/08/22 21:19:56 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
[2010/08/20 20:18:32 | 000,053,029 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bag Receipt.mht
[2010/08/16 07:08:29 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/08/16 07:08:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/15 04:36:50 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/15 04:18:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/25 23:52:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/08/25 21:08:27 | 000,001,175 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/25 21:08:25 | 000,001,197 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Antimalware Doctor.lnk
[2010/08/25 21:08:05 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/24 21:43:57 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to vacation 2010 016.lnk
[2010/08/23 21:35:44 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kaitlyn Nicole Henderson- SCHEDULE.doc
[2010/08/22 22:59:20 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SEOLDFASTINDEX.REG
[2010/08/22 22:22:55 | 000,348,665 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SEOLD Quick Indexer Guide.pdf
[2010/08/20 20:18:31 | 000,053,029 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bag Receipt.mht
[2010/07/24 00:06:40 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/07/24 00:06:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/01 18:58:58 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2009/06/08 18:38:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/27 21:40:00 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 19:56:35 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/02/15 19:56:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2009/02/15 19:56:32 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/02/15 19:56:23 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/02/15 19:56:22 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/02/15 19:56:22 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/02/15 19:56:21 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/02/15 19:56:21 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/02/15 19:56:20 | 000,229,376 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2003/07/16 16:31:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
========== LOP Check ==========
[2010/03/09 22:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/08/25 21:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BC41313B30793314D1EF04DD8E21A4FB
[2009/02/28 00:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/19 16:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2009/09/20 13:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2010/08/08 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\playitall
[2010/07/20 17:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/08/25 22:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/04/21 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ubot
[2010/04/10 12:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViralSubmitter
========== Purity Check ==========
< End of report >
Last edited by birddog2001 on Sat Sep 04, 2010 5:51 pm; edited 1 time in total (Reason for editing : name of virus)