
ndis.sys file corrupted from Trojan [Closed]


#1 deemon (Member, 32 posts)

Hi, I got a trojan in a brain-dead moment. Anyway, stupidity is never an excuse. AVG did not pick it up, so HELP.
I ran Malwarebytes and Hitman Pro 3.5 and AVG. I ran the logs as you asked and include a report from AVG, though you probably don't need or want it. Don't have an XP disc to replace. Backed up files and emails on USB drives. Will send all emails to laptop. This is an old Dell desktop.
Thanks for any input.

I am running XP Home 5.1 with SP3. I don't have the start-up disc. What do I do?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4113

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

5/18/2010 5:53:13 PM
mbam-log-2010-05-18 (17-53-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 207236
Time elapsed: 39 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 11
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\helpers32.dll (Trojan.FakeAV) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pgsb.lto (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qvolpphm (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security essentials 2010 (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Securityessentials2010 (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\helpers32.dll (Trojan.FakeAV) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pgsb.lto (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\qvolpphm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan Hatcher\Local Settings\Temporary Internet Files\Content.IE5\MGJEZSOE\firewall[1].dll (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2605\A0270078.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Securityessentials2010\SE2010.exe (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan Hatcher\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan Hatcher\Start Menu\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Got the following from AVG 3 days ago.

"C:\WINDOWS\system32\svchost.exe (684)";"Trojan horse Downloader.Generic9.BWVA";"Reboot is required to finish the action"
"C:\WINDOWS\System32\svchost.exe (444):\memory_09500000";"Trojan horse Generic17.BKCS";"Object is inaccessible."
"C:\WINDOWS\System32\svchost.exe (444)";"Trojan horse Generic17.BKCS";""
"C:\WINDOWS\System32\svchost.exe (2704):\memory_00400000";"Trojan horse SpamTool.FYS";"Object is inaccessible."
"C:\WINDOWS\System32\svchost.exe (2704)";"Trojan horse SpamTool.FYS";""
"C:\WINDOWS\System32\svchost.exe (2688):\memory_00400000";"Trojan horse SpamTool.FYS";"Object is inaccessible."
"C:\WINDOWS\System32\svchost.exe (2688)";"Trojan horse SpamTool.FYS";""
"C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys";"Trojan horse Rootkit-Pakes.AA";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys";"Trojan horse Rootkit-Pakes.AA";"Moved to Virus Vault"
"C:\DOCUME~1\SUSANH~1\LOCALS~1\Temp\10.tmp";"Trojan horse Downloader.Generic9.BWVA";"Moved to Virus Vault"
Now it says I have 3 different problems with:

"C:\WINDOWS\System32\svchost.exe (756):\memory_00400000";"Trojan horse SpamTool.FYS";"Object is inaccessible."
"C:\WINDOWS\System32\svchost.exe (756)";"Trojan horse SpamTool.FYS";""
"C:\WINDOWS\System32\svchost.exe (628):\memory_00400000";"Trojan horse SpamTool.FYS";"Object is inaccessible."
"C:\WINDOWS\System32\svchost.exe (628)";"Trojan horse SpamTool.FYS";""
"C:\WINDOWS\system32\services.exe (556):\memory_09500000";"Trojan horse Generic17.BKCS";"Object is inaccessible."
"C:\WINDOWS\system32\services.exe (556)";"Trojan horse Generic17.BKCS";""

OTL Extras logfile created on: 5/24/2010 1:58:57 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Susan Hatcher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 24.35 Gb Free Space | 65.39% Space Free | Partition Type: NTFS
Drive D: | 535.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 119.98 Mb Total Space | 77.79 Mb Free Space | 64.83% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LHUTILITY
Current User Name: Susan Hatcher
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{192C6FB8-40B8-4910-BE8C-5EE77FACF08D}" = Hallmark Card Studio 2006
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}" = F5 Networks VPN Client for Windows
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3C48666-2667-4364-AC5C-035C2B6C79E2}" = WeightWatchers Field Portal
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C14956B6-852F-464B-8C55-1EDA5A812C13}" = DBWT
"{C769A271-7E1C-48F9-B331-474600DD4C04}" = Microsoft Picture It! Photo Premium 2002
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avery Wizard 2.1 MSW10" = Avery® Wizard 2.1 for Microsoft® Word 2002
"AVG9Uninstall" = AVG Free 9.0
"BeatTheHouse_V1" = Beat the House, v1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy Upload Tools" = ImageStation Easy Upload Tools
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ERUNT_is1" = ERUNT 1.1j
"FileCD" = NTI FileCD
"Greetings Workshop" = Greetings Workshop
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Expert 3.2" = Dell Picture Studio - Image Expert 2000
"Languator_is1" = Languator 1.1f
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Mahjongg Tiles of Time" = Mahjongg Tiles of Time
"MailWasher_is1" = MailWasher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"MouseMate98" = AMOUSE Uninstaller
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PokerAcademyPro2" = Poker Academy Pro 2
"Readiris" = Readiris
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SkyCaddieDesktop" = SkyCaddie Desktop
"SLABCOMM" = CP2101 USB to UART Bridge Controller
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Tweak UI 2.10" = Tweak UI
"UIU__MODEM_PCI_VEN_14F1&DEV_1033&SUBSYS_020D13E0" = Conexant HCF V90 56K Data Fax PCI Modem
"Ultimate Family Tree" = Ultimate Family Tree
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACT! 2000" = ACT! 2000
"AI RoboForm" = AI RoboForm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2010 11:32:49 AM | Computer Name = LHUTILITY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2010 5:59:20 PM | Computer Name = LHUTILITY | Source = Application Error | ID = 1000
Description = Faulting application photoed.exe, version 3.0.2.3, faulting module
unknown, version 0.0.0.0, fault address 0x6038c570.

Error - 2/13/2010 4:34:18 PM | Computer Name = LHUTILITY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module unknown, version 0.0.0.0, fault address 0x604245d0.

Error - 3/13/2010 8:58:05 AM | Computer Name = LHUTILITY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 7:42:29 AM | Computer Name = LHUTILITY | Source = MsiInstaller | ID = 11905
Description = Product: Macromedia Flash Player 8 -- Error 1905.Module C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 3/23/2010 7:48:38 PM | Computer Name = LHUTILITY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/31/2010 1:04:35 AM | Computer Name = LHUTILITY | Source = ESENT | ID = 490
Description = svchost (836) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/31/2010 1:04:35 AM | Computer Name = LHUTILITY | Source = ESENT | ID = 439
Description = Catalog Database (836) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 3/31/2010 1:04:35 AM | Computer Name = LHUTILITY | Source = ESENT | ID = 473
Description = Catalog Database (836) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 5/22/2010 7:28:53 AM | Computer Name = LHUTILITY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/18/2010 5:54:53 PM | Computer Name = LHUTILITY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/18/2010 5:56:20 PM | Computer Name = LHUTILITY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
AvgLdx86
AvgMfx86
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
Fips
hpn
hpt3xx
i2omp
ini910u
mraid35x
OMCI
PCIIde
perc2
perc2hib
Processor
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 5/18/2010 6:00:47 PM | Computer Name = LHUTILITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/18/2010 6:00:53 PM | Computer Name = LHUTILITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/18/2010 6:05:26 PM | Computer Name = LHUTILITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/18/2010 6:57:27 PM | Computer Name = LHUTILITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/18/2010 6:59:03 PM | Computer Name = LHUTILITY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/18/2010 6:59:38 PM | Computer Name = LHUTILITY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
hpt3xx
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 5/19/2010 8:38:08 PM | Computer Name = LHUTILITY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
hpt3xx
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 5/23/2010 8:16:53 PM | Computer Name = LHUTILITY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000022'
while processing the file 'ndis.sys' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.


< End of report >

OTL logfile created on: 5/24/2010 1:58:57 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Susan Hatcher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 24.35 Gb Free Space | 65.39% Space Free | Partition Type: NTFS
Drive D: | 535.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 119.98 Mb Total Space | 77.79 Mb Free Space | 64.83% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LHUTILITY
Current User Name: Susan Hatcher
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/24 13:57:44 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan Hatcher\Desktop\OTL.exe
PRC - [2010/04/21 08:35:47 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 08:35:41 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 09:05:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/16 09:45:56 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/16 09:45:43 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/16 09:43:59 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/28 11:43:40 | 002,097,488 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/09/12 10:35:21 | 000,254,848 | ---- | M] (F5 Networks) -- C:\WINDOWS\SYSTEM32\F5InstallerService.exe
PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2005/08/30 18:18:30 | 000,025,896 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
PRC - [2002/06/20 07:21:32 | 000,024,651 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2001/09/23 09:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 16:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/09/04 15:31:50 | 000,655,360 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2001/08/18 07:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Speech\SAPISVR.EXE
PRC - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2001/02/13 02:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
PRC - [2000/05/03 11:41:06 | 000,225,336 | ---- | M] (Interact Commerce Corporation) -- C:\Program Files\ACT\SideACT.exe
PRC - [1996/06/25 01:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Greetings Workshop\GWREMIND.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/24 13:57:44 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan Hatcher\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 09:45:43 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/09/12 10:35:21 | 000,254,848 | ---- | M] (F5 Networks) [Auto | Running] -- C:\WINDOWS\SYSTEM32\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
SRV - [2001/08/10 13:14:14 | 000,192,512 | ---- | M] (Roxio Inc.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ImapiRox.exe -- (ImapiService)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2010/05/23 20:16:56 | 000,030,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\egtfvglm.sys -- (egtfvglm)
DRV - [2010/05/20 21:12:34 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.vir -- (NDIS)
DRV - [2010/04/21 08:35:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 09:45:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 09:44:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elaunidr.sys -- (elaunidr)
DRV - [2007/02/22 23:29:01 | 000,028,160 | ---- | M] (F5 Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\urvpndrv.sys -- (urvpndrv)
DRV - [2005/12/15 03:41:20 | 000,010,256 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\urfltw2k.sys -- (f5ipfw)
DRV - [2005/10/30 15:51:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/25 20:36:48 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slabser.sys -- (slabser)
DRV - [2003/07/28 16:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv4)
DRV - [2003/07/28 16:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/06/17 05:52:33 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/06/17 05:52:33 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/23 02:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/08/20 11:59:38 | 000,025,472 | ---- | M] (Roxio Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\imapiRox.sys -- (Imapi)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/13 19:17:34 | 000,737,973 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)
DRV - [2001/08/09 18:25:22 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wandrv.sys -- (wandrv)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 18:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [1999/01/16 08:04:58 | 000,024,704 | ---- | M] (Genius) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\genmmser.sys -- (genmmser) AMOUSE (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://portal.field....htwatchers.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 08:16:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/15 18:21:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Program Files\WeightWatchers Browser\components [2008/06/02 00:51:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Program Files\WeightWatchers Browser\plugins [2010/04/17 09:21:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/03/17 00:01:56 | 000,228,383 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8011 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CaddieSyncLauncher] C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe (SkyHawke Inc.)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [gmouse] C:\Amouse\gmouse.exe (KYE Systems Corp.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe (Sony Electronics Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (Sierra Imaging)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk = C:\Program Files\ACT\SideACT.exe (Interact Commerce Corporation)
O4 - Startup: C:\Documents and Settings\Susan Hatcher\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Customize Menu &4 - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms &] - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms &[ - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: digital-supply.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: digital-supply.com ([]http in Trusted sites)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150...tzip/RdxIE2.cab (Reg Error: Key error.)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} file://C:/Program Files/F5 VPN/F5_TMP/urTermProxy.cab (F5 Networks SSLTunnel)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144670155500 (MUWebControl Class)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7596.5613541667 (Reg Error: Key error.)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Susan Hatcher\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/09/20 13:17:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/31 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6c7a2643-fb01-11d5-9837-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6c7a2643-fb01-11d5-9837-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c7a2643-fb01-11d5-9837-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2003/03/31 08:00:00 | 001,310,720 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2001/12/11 19:10:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/24 13:57:44 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan Hatcher\Desktop\OTL.exe
[2010/05/23 22:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/23 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/23 22:08:32 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan Hatcher\Desktop\TFC.exe
[2010/05/23 21:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\Application Data\DriverCure
[2010/05/23 21:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/05/23 21:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/23 21:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/05/23 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/05/23 20:16:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/22 09:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of Trips
[2010/05/22 09:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of Recipies
[2010/05/22 09:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of PWGA
[2010/05/22 09:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of XM Firmware Release Notes
[2010/05/22 09:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of WebSend
[2010/05/22 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of jokes
[2010/05/22 09:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of Enline
[2010/05/22 09:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of Copy of Business
[2010/05/22 09:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of Copy of ACT
[2010/05/22 09:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of CCLGA
[2010/05/22 09:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of 06 Invitational
[2010/05/19 20:29:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of My Pictures
[2010/05/19 20:29:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of My Music
[2010/05/19 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of My eBooks
[2010/05/19 20:29:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of My Data Sources
[2010/05/19 20:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\My Documents\Copy of Business
[2010/05/18 18:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/18 18:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/18 16:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\Application Data\Malwarebytes
[2010/05/18 16:44:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 16:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/18 16:44:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 16:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/04/02 11:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/04/02 11:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/02 10:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/02 10:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/03/16 18:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan Hatcher\Application Data\SkyGolf
[2010/03/16 09:45:55 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/28 12:23:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/28 12:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\Susan Hatcher\My Documents\*.tmp files -> C:\Documents and Settings\Susan Hatcher\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/24 13:57:44 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan Hatcher\Desktop\OTL.exe
[2010/05/24 10:11:55 | 000,000,424 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\Desktop\Security essentials 2010.lnk
[2010/05/24 10:05:31 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\~$HELP.doc
[2010/05/24 09:52:48 | 060,322,973 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/24 00:33:17 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/05/23 22:08:32 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan Hatcher\Desktop\TFC.exe
[2010/05/23 22:03:20 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\HELP.doc
[2010/05/23 21:04:13 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
[2010/05/23 21:01:14 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/23 21:01:08 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/05/23 20:08:04 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2010/05/23 15:20:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\avg.doc
[2010/05/22 09:49:34 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Susan Hatcher\NTUSER.DAT
[2010/05/21 07:03:06 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\About virus.doc
[2010/05/20 21:07:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/20 21:07:21 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/20 21:07:17 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2010/05/20 21:06:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 21:06:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/20 21:06:20 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 21:49:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Susan Hatcher\NTUSER.INI
[2010/05/18 19:11:10 | 004,313,290 | -H-- | M] () -- C:\Documents and Settings\Susan Hatcher\Local Settings\Application Data\IconCache.db
[2010/05/18 18:57:13 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Malwarebytes.doc
[2010/05/18 18:05:31 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/18 16:44:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 11:15:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8855.exe
[2010/05/18 10:54:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2437.exe
[2010/05/18 10:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21238.exe
[2010/05/18 10:14:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7719.exe
[2010/05/18 09:54:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\38.exe
[2010/05/17 19:40:04 | 000,079,629 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Costa Rica Auction June 5.pdf
[2010/05/14 13:36:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Auction of C trees.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/22 08:49:15 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roosevelt The Famous Quote.doc
[2010/04/22 08:17:03 | 000,366,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 08:35:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/17 14:55:39 | 000,116,256 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/17 12:14:11 | 000,116,256 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/17 09:21:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/16 09:10:09 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Notice of Appeal Letter Buckland Farm Case.doc
[2010/04/15 01:10:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 13:56:07 | 000,093,696 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Netbook laptop buying issues.doc
[2010/04/02 10:30:08 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/03/17 18:29:36 | 000,032,507 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\pwga GCC sign up.pdf
[2010/03/16 18:45:54 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\Desktop\CaddieSync.lnk
[2010/03/16 09:45:55 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 09:45:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 09:44:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/15 18:38:19 | 000,358,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 18:38:19 | 000,312,946 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/15 18:38:19 | 000,040,664 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/15 18:21:19 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/03/10 06:23:27 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Starmount 2010.doc
[2010/03/10 06:20:08 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Forest Oaks 2010.doc
[2010/03/10 06:19:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Cedarbrook 2010.doc
[2010/03/10 06:18:13 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Alamance 2010.doc
[2010/03/05 18:27:59 | 000,248,832 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Piedmont Handbook 10.pub
[2010/03/05 18:21:59 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Pine Brook 2010.doc
[2010/03/03 12:58:13 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Pinewood 2010.doc
[2010/03/03 12:57:28 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Greensboro 2010.doc
[2010/03/03 10:55:05 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Sapona 2010.doc
[2010/03/02 20:38:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Colonial 2010.doc
[2010/03/02 20:37:04 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\PWGA Handbook checklist by club.doc
[2010/03/02 20:34:30 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Sedgefield 2010.doc
[2010/03/02 12:08:36 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster High Point 2010.doc
[2010/03/02 11:59:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Cross Creek 2010.doc
[2010/02/28 12:23:09 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/28 12:23:06 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\Susan Hatcher\My Documents\*.tmp files -> C:\Documents and Settings\Susan Hatcher\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 10:05:31 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\~$HELP.doc
[2010/05/23 22:03:20 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\HELP.doc
[2010/05/23 21:01:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/23 21:01:08 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/05/23 21:01:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/05/23 21:01:02 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
[2010/05/23 15:20:04 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\avg.doc
[2010/05/23 14:03:40 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/05/21 07:03:06 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\About virus.doc
[2010/05/18 18:58:38 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/18 18:57:13 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Malwarebytes.doc
[2010/05/18 18:01:34 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/18 18:01:05 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/18 16:44:16 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 11:15:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8855.exe
[2010/05/18 10:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2437.exe
[2010/05/18 10:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21238.exe
[2010/05/18 10:14:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7719.exe
[2010/05/18 09:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\38.exe
[2010/05/18 09:37:23 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\Desktop\Security essentials 2010.lnk
[2010/05/17 19:40:04 | 000,079,629 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Costa Rica Auction June 5.pdf
[2010/05/14 13:36:47 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Auction of C trees.doc
[2010/04/22 08:49:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roosevelt The Famous Quote.doc
[2010/04/15 09:38:50 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Notice of Appeal Letter Buckland Farm Case.doc
[2010/04/11 13:56:07 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Netbook laptop buying issues.doc
[2010/04/02 11:10:03 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/02 10:30:08 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/03/17 18:29:36 | 000,032,507 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\pwga GCC sign up.pdf
[2010/03/16 18:45:54 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\Desktop\CaddieSync.lnk
[2010/03/02 11:59:25 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Susan Hatcher\My Documents\Roster Cross Creek 2010.doc
[2010/02/28 12:23:09 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2008/02/15 23:28:43 | 000,000,061 | R--- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2006/01/25 21:24:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/04/12 21:30:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/03/16 10:09:40 | 000,000,515 | ---- | C] () -- C:\WINDOWS\TrpMaker.INI
[2002/03/16 10:09:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Winhelp.INI
[2002/03/16 10:08:59 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2002/01/20 12:42:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/01/17 16:54:19 | 000,000,132 | ---- | C] () -- C:\WINDOWS\Maxlink.ini
[2002/01/17 16:54:19 | 000,000,130 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2002/01/17 16:54:15 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2002/01/17 10:10:04 | 000,001,100 | ---- | C] () -- C:\WINDOWS\BTH.INI
[2002/01/04 20:56:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\PPTVIEW.INI
[2002/01/04 20:56:01 | 000,000,267 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2001/12/11 19:50:00 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/12/11 19:29:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/11 19:26:15 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2001/12/11 19:25:11 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2001/12/11 19:25:11 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2001/12/11 19:25:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2001/12/11 19:25:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2001/12/11 19:25:00 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2001/12/11 19:24:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2001/12/11 19:24:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2001/12/11 19:20:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/09/20 14:08:48 | 000,000,884 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2001/09/20 13:27:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll

========== LOP Check ==========

[2010/05/17 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/18 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/23 21:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/05/18 18:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/23 21:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2007/09/06 00:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PokerAcademyPro2
[2001/12/11 19:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2008/02/15 23:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
[2010/05/23 21:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan Hatcher\Application Data\DriverCure
[2001/12/28 10:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan Hatcher\Application Data\InterTrust
[2004/07/26 21:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan Hatcher\Application Data\MailWasher
[2007/09/06 00:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan Hatcher\Application Data\PokerAcademyPro2
[2010/03/16 18:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan Hatcher\Application Data\SkyGolf
[2010/05/23 21:01:08 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2010/05/23 21:01:14 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/05/24 00:33:17 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2001/09/20 13:17:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/12/19 20:51:31 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2001/09/20 12:56:14 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2001/09/20 13:17:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2001/12/11 20:02:12 | 000,003,297 | RH-- | M] () -- C:\DELL.SDR
[2010/05/20 21:06:20 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2001/09/20 13:17:36 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2001/12/11 19:27:20 | 000,000,128 | -H-- | M] () -- C:\IPH.PH
[2001/09/20 13:17:36 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/12/19 20:39:53 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/22 12:04:34 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2006/04/22 16:02:56 | 000,000,548 | -H-- | M] () -- C:\os432565.bin
[2010/05/20 21:06:19 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/09/20 13:08:12 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2001/09/20 13:08:12 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2001/09/20 13:08:12 | 000,385,024 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/16 09:44:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
[2010/03/16 09:45:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
[2010/04/21 08:35:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
[2010/05/23 20:16:56 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\egtfvglm.sys
[2010/05/20 21:07:21 | 000,015,944 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\setupapi.log: SummaryInformation
@Alternate Data Stream - 708 bytes -> C:\WINDOWS\System32\drivers\egtfvglm.sys:changelist
< End of report >

Last MBAM report
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4113

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/19/2010 8:34:10 PM
mbam-log-2010-05-19 (20-34-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 208291
Time elapsed: 1 hour(s), 46 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
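As an added example (not from the post or from OTL, Malwarebytes or any other tool named in this thread), here is a small Python triage script that parses OTL-style lines like the ones above and flags the patterns a helper looks at first: zero-byte numeric-named executables in System32, drivers written in the days just before the scan, and alternate data streams on system binaries. The sample lines are constructed in the log's format; the scan date and the allowlist of scanner drivers are assumptions.

```python
import re
from datetime import date

# Constructed sample lines in the OTL log format used in the post above.
SAMPLE_LOG = r"""
[2010/05/18 11:15:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8855.exe
[2010/05/18 18:01:34 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/23 20:16:56 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\egtfvglm.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
@Alternate Data Stream - 708 bytes -> C:\WINDOWS\System32\drivers\egtfvglm.sys:changelist
"""
SCAN_DATE = date(2010, 5, 24)  # assumed: the newest timestamp in the posted log

# One OTL file line: [date time | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(r"\[(\d{4})/(\d\d)/(\d\d) [\d:]+ \| ([\d,]+) \| (\S{4}) \| ([CM])\] \((.*?)\) -- (.+)$")
ADS_RE = re.compile(r"@Alternate Data Stream - (\d+) bytes -> (.+):(\S+)$")
# Drivers of the scanners the poster ran (assumed allowlist); their fresh timestamps are expected.
KNOWN_TOOL_DRIVERS = {"hitmanpro35.sys", "mbam.sys", "mbamswissarmy.sys"}

def parse_line(line):  # dict for a file or ADS line, None for anything else
    m = FILE_RE.match(line)
    if m:
        y, mo, d, size, attrs, kind, company, path = m.groups()
        return {"type": "file", "date": date(int(y), int(mo), int(d)), "path": path,
                "size": int(size.replace(",", "")), "attrs": attrs, "kind": kind, "company": company}
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m.group(1)), "path": m.group(2), "stream": m.group(3)}
    return None

def triage(entry, scan_date, recent_days=7):  # reasons this entry deserves a closer look
    reasons = []
    folder, _, name = entry["path"].lower().rpartition("\\")
    stem, _, ext = name.rpartition(".")
    in_sys32 = folder.startswith("c:\\windows\\system32")
    if entry["type"] == "ads":
        # A named stream on a driver or executable under System32 is unusual.
        if in_sys32 and ext in ("sys", "exe", "dll"):
            reasons.append("alternate data stream '%s' on a system binary" % entry["stream"])
        return reasons
    if in_sys32 and ext == "exe" and entry["size"] == 0 and stem.isdigit():
        reasons.append("zero-byte numeric-named executable in System32")
    age_days = (scan_date - entry["date"]).days
    if in_sys32 and ext == "sys" and age_days <= recent_days and name not in KNOWN_TOOL_DRIVERS:
        reasons.append("driver written within %d days of the scan" % recent_days)
    return reasons

def triage_log(text, scan_date=SCAN_DATE):  # {lower-cased path: [reasons]}
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry:
            for reason in triage(entry, scan_date):
                findings.setdefault(entry["path"].lower(), []).append(reason)
    return findings
```

Run against the sample, the known scanner driver and the old Microsoft driver drop out, while the empty numeric executable and the freshly written driver carrying a named stream are the two entries left to investigate.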

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3 deemon (Member, Topic Starter, 32 posts)
Wow now after running the suggested file the modem shut down. It is still there but when I tried to open IE it said no internet connection.
I am sending this from my laptop. So I can't send the log until I fix this.

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
I left you instructions in your PM

Try to keep all your questions here please.

#5 deemon (Member, Topic Starter, 32 posts)
How do I do that manually? I have tried the ways I know how by enabling it. I missed something.
Deemon

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Did you do this?


ComboFix will disconnect the machine from the internet, this prevents fresh malware from coming in.
The connection shall be restored once ComboFix gets to the Find3M stage.
In the event that ComboFix terminates prematurely you can manually restore the connection by ...
* Going to Control Panel > Network Connections.
* Right-click on your Network icon & select "Repair"

Posted Image

Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

Posted Image



If that fails, do this


Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.




Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the entire contents inside the QUOTE box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.



Go to Start, then to Run.
Type in cmd and click Enter.
Type in ipconfig /release all, then click Enter.
Now type in ipconfig /renew all and click Enter.

#7 deemon (Member, Topic Starter, 32 posts)
Boy I feel really dumb. I have never used this site and I don't know what a PM is.
Deemon

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Sorry, PM = private message.

Keep all your questions in this topic, it's easier for me.

Try my above post.

#9 deemon (Member, Topic Starter, 32 posts)
1st: Network connections has my broadband to my server, but right-click gives connect, cancel as default connection, create copy, delete, rename, and properties as options. I was unable to do the second suggestion, and when I tried to enter the command prompt cmd, nothing can be typed and the OK button in the window is dim. deemon

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Got your Windows CD?

#11 deemon (Member, Topic Starter, 32 posts)
Sorry about the PM - will keep it all in post.
Deemon

#12 deemon (Member, Topic Starter, 32 posts)
No. That was in my original post. It was damaged by kids.

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Going to have to send you to the techs to fix your net problem.

Make a topic here:

http://www.geekstogo...2003-NT-f5.html

Tell them I sent you over and explain your net problem.

When you get back online, return here.

#14 deemon (Member, Topic Starter, 32 posts)
Will do. Thanks so much.
Deemon

#15 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
No problem.