
[RESOLVED] Trojan made computer act crazy


41 replies to this topic

#21 claramaecallie


Posted 08 November 2010 - 02:02 AM

OTL Extras logfile created on: 11/7/2010 7:47:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Richardson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.00 Mb Total Physical Memory | 103.00 Mb Available Physical Memory | 46.00% Memory free
547.00 Mb Paging File | 167.00 Mb Available in Paging File | 31.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.73 Gb Free Space | 58.31% Space Free | Partition Type: NTFS
Drive D: | 540.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RICHARSO-B64CA6 | User Name: Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{120AC2FF-EEDF-42C6-ACB5-95E533D0D41D}" = MSN Toolbar
"{15FE4D77-D717-4632-8EA8-B6BB258CFC7D}" = Wal-Mart® Mini Movie
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24A71701-4BFD-4228-97B3-7D739195EC67}" = Walmart Digital Photo Manager
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45FC15ED-1713-4394-ACDF-866E23F46F46}" = 1300_Help
"{4E03E0F0-9530-4D74-A6EE-0FF134EBA6F0}" = 1300Trb
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9738780E-5865-44C5-8E5C-817F68AA823C}" = Family Tree Maker 2008 Lite
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A8C3083C-A1C1-4248-B0E2-14A7D9F2E9EF}" = BCL easyConverter SDK 1.0.0 Module
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BA9A0063-68B5-47B3-91EA-214AD5B79EFB}" = 1300
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"20,000 Recipes" = 20,000 Recipes
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AnswerWorks" = AnswerWorks Runtime
"Best of Slots II" = Best of Slots II
"Corel Applications" = Corel Applications
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Family Tree Maker 2008 Lite" = Family Tree Maker 2008 Lite
"HP Photo & Imaging" = HP Image Zone 4.2
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Masque Slots - IGT and MultiPlay Video Poker" = Masque Slots - IGT and MultiPlay Video Poker
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSNINST" = MSN
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PPTView97" = Microsoft PowerPoint Viewer 97
"RKU" = Rootkit Unhooker Uninstall
"SolSuite" = SolSuite
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WebPost" = Web Publishing Wizard
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2010 11:52:08 AM | Computer Name = RICHARSO-B64CA6 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6301.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/7/2010 12:22:31 PM | Computer Name = RICHARSO-B64CA6 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2010 12:25:17 PM | Computer Name = RICHARSO-B64CA6 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 11/7/2010 5:29:53 PM | Computer Name = RICHARSO-B64CA6 | Source = MatSvc | ID = 262153
Description = The MATS service encountered a failure when diagnosing problems. hr=0x803C0101
SAP
folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.18


Error - 11/7/2010 5:30:07 PM | Computer Name = RICHARSO-B64CA6 | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x803C0101 .

Error - 11/7/2010 5:32:44 PM | Computer Name = RICHARSO-B64CA6 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 11/7/2010 5:42:01 PM | Computer Name = RICHARSO-B64CA6 | Source = Application Error | ID = 1000
Description = Faulting application dh56z598.exe, version 1.0.15.15507, faulting
module dh56z598.exe, version 1.0.15.15507, fault address 0x00067719.

Error - 11/7/2010 8:32:57 PM | Computer Name = RICHARSO-B64CA6 | Source = MatSvc | ID = 262153
Description = The MATS service encountered a failure when diagnosing problems. hr=0x803C0101
SAP
folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.18


Error - 11/7/2010 8:33:14 PM | Computer Name = RICHARSO-B64CA6 | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x803C0101 .

Error - 11/7/2010 8:36:36 PM | Computer Name = RICHARSO-B64CA6 | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 11/7/2010 8:43:06 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:06 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:06 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:07 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:07 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:07 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:07 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:07 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:43:07 PM | Computer Name = RICHARSO-B64CA6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/7/2010 8:48:35 PM | Computer Name = RICHARSO-B64CA6 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
OTL logfile created on: 11/7/2010 7:47:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Richardson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.00 Mb Total Physical Memory | 103.00 Mb Available Physical Memory | 46.00% Memory free
547.00 Mb Paging File | 167.00 Mb Available in Paging File | 31.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.73 Gb Free Space | 58.31% Space Free | Partition Type: NTFS
Drive D: | 540.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RICHARSO-B64CA6 | User Name: Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 19:45:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\OTL.exe
PRC - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/31 10:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/04/10 16:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/06/20 15:46:11 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/11/07 19:45:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/04/10 16:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys -- (CrucialSMBusScan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/31 10:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 10:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2004/08/03 17:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/03/17 15:22:58 | 000,117,248 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://by142w.bay142...x?wa=wsignin1.0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/01/16 16:14:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/16 18:48:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 09:35:18 | 000,000,000 | ---D | M]

[2009/10/11 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Mozilla\Extensions
[2010/11/07 06:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Mozilla\Firefox\Profiles\mmpyx1id.default\extensions
[2009/10/11 20:29:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richardson\Application Data\Mozilla\Firefox\Profiles\mmpyx1id.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/26 09:01:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Richardson\Application Data\Mozilla\Firefox\Profiles\mmpyx1id.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/28 10:32:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/16 16:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com

O1 HOSTS File: ([2010/11/07 18:49:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1008.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1008.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1156901199625 (WUWebControl Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/30 10:01:28 | 000,001,182 | ---- | M] () - C:\autobio -- [ NTFS ]
O32 - AutoRun File - [2006/08/29 20:02:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1996/05/23 03:55:00 | 000,041,472 | R--- | M] (Sierra On-Line Inc.) - D:\AUTOPLAY.EXE -- [ CDFS ]
O32 - AutoRun File - [1997/07/16 08:19:12 | 000,000,588 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 19:46:07 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/07 19:45:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\OTL.exe
[2010/11/07 18:54:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/07 18:38:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/07 18:35:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/07 18:35:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/07 18:35:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/07 18:35:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/07 18:35:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/07 18:34:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/07 18:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\Desktop\tdsskiller
[2010/11/07 17:57:54 | 000,000,000 | ---D | C] -- C:\RkUnhooker
[2010/11/07 17:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\Desktop\RkU37300505
[2010/11/07 06:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/06 22:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\LogMeIn
[2010/11/06 22:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
[2010/11/06 21:09:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\TFC.exe
[2010/11/06 20:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\Application Data\Malwarebytes
[2010/11/06 19:57:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/06 19:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/06 19:57:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/06 19:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/06 19:56:03 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richardson\My Documents\mbam-setup-1.46.exe
[2010/11/06 18:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\Local Settings\Application Data\FixItCenter
[2010/11/06 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2010/11/06 17:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/11/06 17:46:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/11/05 07:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\Local Settings\Application Data\LogMeIn
[2010/11/05 07:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/05 07:49:49 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/11/05 07:49:48 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/11/05 07:49:48 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2010/11/05 07:49:00 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/11/05 07:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/11/05 07:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\Local Settings\Application Data\Deployment
[2010/10/18 08:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2010/10/18 07:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\RegTask
[2010/10/18 07:50:48 | 000,348,520 | ---- | C] (Time Pioneer Limited ) -- C:\Documents and Settings\Richardson\My Documents\RegtaskTool_Installer.exe
[2010/10/18 07:45:12 | 005,969,744 | ---- | C] (Weskysoft Inc. ) -- C:\Documents and Settings\Richardson\My Documents\PerfectOptimizer_V52.exe
[2010/10/16 11:53:14 | 000,000,000 | ---D | C] -- C:\laurel
[2010/10/11 07:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richardson\My Documents\NeroVision

========== Files - Modified Within 30 Days ==========

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 19:45:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\OTL.exe
[2010/11/07 19:44:27 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/07 19:33:17 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/11/07 19:33:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/07 19:31:43 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/07 19:28:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/07 19:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 19:28:25 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 18:49:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/07 18:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/07 18:33:47 | 003,905,709 | R--- | M] () -- C:\Documents and Settings\Richardson\Desktop\ComboFix.exe
[2010/11/07 18:25:54 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/07 18:07:01 | 001,213,675 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\tdsskiller.zip
[2010/11/07 17:56:48 | 000,158,300 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\RkU37300505.zip
[2010/11/07 10:58:32 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/11/07 10:48:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richardson\My Documents\hank & gail.xps
[2010/11/07 06:41:31 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/07 06:29:22 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 06:29:22 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 06:26:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/06 21:27:43 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\smartest computing info.rtf
[2010/11/06 21:10:46 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\dds.scr
[2010/11/06 21:10:25 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\MBRCheck.exe
[2010/11/06 21:09:59 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\dh56z598.exe
[2010/11/06 21:09:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\TFC.exe
[2010/11/06 19:57:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 19:56:10 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richardson\My Documents\mbam-setup-1.46.exe
[2010/11/06 17:47:37 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/11/05 11:42:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RegTask.job
[2010/11/05 09:48:37 | 002,359,350 | ---- | M] () -- C:\log me in intro.wpd
[2010/11/05 08:10:25 | 000,693,552 | ---- | M] () -- C:\LogMeIn - LogMeIn Pro² Support.mht
[2010/11/05 07:48:57 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/03 12:44:09 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/10/28 11:23:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/10/27 12:17:18 | 000,016,528 | ---- | M] () -- C:\Marriage_accoerding_to_kids.wpd
[2010/10/23 13:29:17 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\Class11
[2010/10/23 13:29:17 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2010/10/22 13:06:47 | 000,000,047 | ---- | M] () -- C:\WINDOWS\winhlp32.ini
[2010/10/22 13:05:56 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/10/18 07:50:49 | 000,348,520 | ---- | M] (Time Pioneer Limited ) -- C:\Documents and Settings\Richardson\My Documents\RegtaskTool_Installer.exe
[2010/10/18 07:45:21 | 005,969,744 | ---- | M] (Weskysoft Inc. ) -- C:\Documents and Settings\Richardson\My Documents\PerfectOptimizer_V52.exe
[2010/10/13 07:28:52 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 02:09:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/11/07 19:28:25 | 234,409,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/07 18:38:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/07 18:38:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/07 18:35:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/07 18:35:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/07 18:35:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/07 18:35:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/07 18:35:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/07 18:33:03 | 003,905,709 | R--- | C] () -- C:\Documents and Settings\Richardson\Desktop\ComboFix.exe
[2010/11/07 18:25:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/07 18:06:45 | 001,213,675 | ---- | C] () -- C:\Documents and Settings\Richardson\Desktop\tdsskiller.zip
[2010/11/07 17:56:31 | 000,158,300 | ---- | C] () -- C:\Documents and Settings\Richardson\Desktop\RkU37300505.zip
[2010/11/07 10:48:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richardson\My Documents\hank & gail.xps
[2010/11/07 06:47:17 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/07 06:41:31 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/06 21:27:43 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\Richardson\Desktop\smartest computing info.rtf
[2010/11/06 21:10:45 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Richardson\Desktop\dds.scr
[2010/11/06 21:10:25 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Richardson\Desktop\MBRCheck.exe
[2010/11/06 21:09:56 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\Richardson\Desktop\dh56z598.exe
[2010/11/06 19:57:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 17:58:54 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/11/06 17:58:54 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/11/06 17:47:37 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/11/05 09:48:36 | 002,359,350 | ---- | C] () -- C:\log me in intro.wpd
[2010/11/05 08:10:23 | 000,693,552 | ---- | C] () -- C:\LogMeIn - LogMeIn Pro² Support.mht
[2010/11/05 07:48:53 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/10/28 11:22:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/10/27 12:22:46 | 000,016,528 | ---- | C] () -- C:\Marriage_accoerding_to_kids.wpd
[2010/10/23 13:29:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Class11
[2010/10/23 13:29:17 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2010/10/18 07:54:23 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RegTask.job
[2010/01/30 10:29:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/19 08:01:56 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2010/01/19 08:01:00 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2010/01/19 08:01:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2010/01/19 08:01:00 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2009/11/19 13:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/10/15 10:16:48 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/04/12 16:48:17 | 000,000,734 | ---- | C] () -- C:\WINDOWS\sshot.ini
[2009/04/12 16:45:03 | 000,000,135 | ---- | C] () -- C:\WINDOWS\PTMAIL.INI
[2009/04/12 16:45:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\Parsons.ini
[2009/04/11 10:04:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\dmodeler.ini
[2009/03/05 12:07:39 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2009/03/05 12:06:43 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2009/03/05 12:06:30 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2009/03/05 12:06:29 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2008/12/25 13:59:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2008/05/08 09:17:34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PHOTOS~2.INI
[2008/01/16 19:02:31 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/18 09:52:17 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SWIFTREC.INI
[2007/10/20 10:53:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2007/06/19 13:23:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/02 11:51:05 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/06/02 11:46:01 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/04/25 22:13:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/30 11:43:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\chess.ini
[2006/11/30 22:48:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/22 09:50:54 | 000,000,113 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2006/08/31 18:10:22 | 000,005,364 | ---- | C] () -- C:\Documents and Settings\Richardson\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/31 18:10:22 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/30 17:12:09 | 000,000,827 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/08/30 09:25:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2006/08/30 09:23:46 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2006/08/30 07:46:07 | 000,002,827 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/29 20:40:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/08/29 20:20:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/29 12:15:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[1999/08/11 23:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999/08/11 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/11 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999/08/11 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/07/01 10:12:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\GNNPOST.DLL
[1996/06/18 13:44:44 | 000,068,936 | ---- | C] () -- C:\WINDOWS\System32\AOLTCP16.DLL
[1996/06/03 09:20:04 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\GAUGE.DLL

========== LOP Check ==========

[2009/02/14 08:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/11/06 22:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/02/13 14:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/10/18 08:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2010/09/06 10:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/02/04 10:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/29 20:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2009/02/13 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\DriverCure
[2007/06/13 11:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\InterTrust
[2007/09/17 14:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Leadertech
[2006/09/03 11:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\MSNInstaller
[2009/03/09 11:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\OpenOffice.org
[2006/09/14 11:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Simple Star
[2006/09/15 08:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Snapfish
[2010/08/30 15:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\SolSuite
[2008/03/16 10:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Systweak
[2009/05/29 20:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\Wal-Mart
[2009/12/19 11:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richardson\Application Data\WMTMiniMovie
[2010/11/07 19:33:17 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2010/11/07 10:58:32 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2010/11/07 19:44:27 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/05 11:42:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RegTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/05 07:48:57 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/12/01 02:10:09 | 002,483,195 | ---- | M] () -- C:\4891385430093.jpg
[2007/02/02 13:15:59 | 000,014,939 | ---- | M] () -- C:\actors_working_together.wpd
[2010/09/06 09:41:52 | 002,955,424 | ---- | M] (Siber Systems) -- C:\AiRoboForm-cs007.exe
[2006/09/19 11:08:57 | 000,009,127 | ---- | M] () -- C:\al_benn_090206.txt
[2010/09/06 09:38:57 | 003,225,856 | ---- | M] (Sammsoft ) -- C:\arolicense2010.exe
[2006/08/30 10:01:28 | 000,001,182 | ---- | M] () -- C:\autobio
[2006/08/29 20:02:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/09/21 17:08:35 | 000,009,568 | ---- | M] () -- C:\bob_lieberman_corr.wpd
[2010/11/07 06:26:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/07 18:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2008/05/06 14:28:50 | 000,017,816 | ---- | M] () -- C:\charities_asking_for_donations.wb3
[2008/03/28 08:50:36 | 000,011,663 | ---- | M] () -- C:\citibank_charges_dead.wpd
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/07 18:54:28 | 000,014,640 | ---- | M] () -- C:\ComboFix.txt
[2006/08/29 20:02:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/05 08:26:00 | 000,012,826 | ---- | M] () -- C:\Copy of jjokes.wpd
[1999/11/27 10:39:54 | 001,130,496 | ---- | M] (NVision Design, Inc.) -- C:\Copy of santa.exe
[2007/11/27 20:35:28 | 000,009,702 | ---- | M] () -- C:\dwarfs_guy_hung.wpd
[2007/06/05 19:45:55 | 000,001,449 | ---- | M] () -- C:\geico_voice.wpd
[2009/05/07 14:07:28 | 005,536,461 | ---- | M] () -- C:\HBHS_pictures_04302009.jpg.wpd
[2010/11/07 19:28:25 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/29 20:02:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/15 10:30:01 | 000,008,987 | ---- | M] () -- C:\jokes'gunslinger_punk_oldtimer.wpd
[2007/11/15 15:08:56 | 000,008,633 | ---- | M] () -- C:\lions_club.wpd
[2010/11/05 09:48:37 | 002,359,350 | ---- | M] () -- C:\log me in intro.wpd
[2010/11/05 08:10:25 | 000,693,552 | ---- | M] () -- C:\LogMeIn - LogMeIn Pro² Support.mht
[2010/10/27 12:17:18 | 000,016,528 | ---- | M] () -- C:\Marriage_accoerding_to_kids.wpd
[2006/08/29 20:02:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/08/29 20:15:37 | 000,000,119 | ---- | M] () -- C:\MSN.com
[2008/01/15 17:18:18 | 000,038,347 | ---- | M] () -- C:\my_life_bio_113007.wpd
[2008/08/15 08:43:39 | 000,163,773 | ---- | M] () -- C:\nicknames_sports.wpd
[2008/05/05 14:44:36 | 001,899,888 | ---- | M] ( ) -- C:\noadwarefullv5.exe
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/30 09:05:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/14 10:36:08 | 000,011,324 | ---- | M] () -- C:\ocean_descriptions_kids.wpd
[2010/11/07 19:28:24 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2010/11/03 12:44:09 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/05/25 08:42:50 | 000,015,027 | ---- | M] () -- C:\richardson_book_excerpt_062608.wpd
[2010/09/06 10:49:26 | 000,067,177 | ---- | M] () -- C:\robo_menu_options.jpg
[2010/09/06 10:49:26 | 000,026,498 | ---- | M] () -- C:\robo_save_forms.jpg
[1999/11/27 10:39:54 | 001,130,496 | ---- | M] (NVision Design, Inc.) -- C:\santa.exe
[1999/12/06 11:12:54 | 000,002,316 | ---- | M] () -- C:\santa_directions.txt.wpd
[2010/08/15 10:36:32 | 006,259,064 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe
[1998/03/06 18:57:34 | 000,009,352 | ---- | M] () -- C:\SILVERS.TAR
[1998/01/24 10:41:58 | 000,002,749 | ---- | M] () -- C:\SIL_STAR.LET
[2009/12/13 15:59:49 | 000,235,511 | ---- | M] () -- C:\stan&chat_july_2008.jpg.wpd
[2008/06/21 09:41:21 | 000,025,459 | ---- | M] () -- C:\STAN_RICHARDSON1[1]..rtf
[2010/11/07 18:09:29 | 000,031,906 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_07.11.2010_18.08.00_log.txt
[2010/11/01 19:20:00 | 000,031,645 | ---- | M] () -- C:\television_programs.txt
[2009/12/15 14:24:05 | 000,000,923 | ---- | M] () -- C:\updatedatfix.log
[1997/05/27 08:37:42 | 000,021,318 | ---- | M] () -- C:\WARSTORY.ORI
[2008/07/29 13:25:16 | 000,021,217 | ---- | M] () -- C:\why_we_love_kids.wpd
[2010/08/23 12:01:46 | 001,239,912 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-web.exe
[2010/02/28 09:59:19 | 000,000,162 | -H-- | M] () -- C:\~$ell_records.pdf

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/08/29 20:01:54 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/09/27 13:49:26 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/11/17 16:24:24 | 000,421,888 | ---- | M] () -- C:\WINDOWS\Nero PhotoShow.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/29 12:12:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/08/29 12:12:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/29 12:12:46 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/10/22 12:56:08 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Create & Print Home.url
[2008/10/30 09:12:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/29 20:15:36 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/08/29 20:15:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2004/08/04 07:00:00 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richardson\Desktop\calc.exe
[2010/11/07 18:33:47 | 003,905,709 | R--- | M] () -- C:\Documents and Settings\Richardson\Desktop\ComboFix.exe
[2010/11/06 21:09:59 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\dh56z598.exe
[2010/11/06 21:10:25 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Richardson\Desktop\MBRCheck.exe
[2010/11/07 19:45:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\OTL.exe
[2010/11/06 21:09:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richardson\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/04/10 15:16:12 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2006/11/20 19:09:26 | 000,484,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richardson\My Documents\ie6setup.exe
[2010/11/06 19:56:10 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richardson\My Documents\mbam-setup-1.46.exe
[2009/12/13 11:38:32 | 003,130,625 | ---- | M] (Autodesk) -- C:\Documents and Settings\Richardson\My Documents\MgControl6.5SP1.exe
[2010/02/02 06:58:17 | 009,052,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richardson\My Documents\MSNOIE8_ENUS_XPL.EXE
[2010/11/07 06:40:07 | 013,063,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richardson\My Documents\mssefullinstall-x86fre-en-us-xp.exe
[2010/10/18 07:45:21 | 005,969,744 | ---- | M] (Weskysoft Inc. ) -- C:\Documents and Settings\Richardson\My Documents\PerfectOptimizer_V52.exe
[2006/11/06 20:32:51 | 000,534,112 | ---- | M] (Adobe Systems) -- C:\Documents and Settings\Richardson\My Documents\psa30se_ytb612_a708_DLM_en_us.exe
[2010/10/18 07:50:49 | 000,348,520 | ---- | M] (Time Pioneer Limited ) -- C:\Documents and Settings\Richardson\My Documents\RegtaskTool_Installer.exe
[2007/04/18 14:55:56 | 000,545,992 | ---- | M] (Adobe Systems) -- C:\Documents and Settings\Richardson\My Documents\sgc10_gtb401019_rdr80_DLM_en_US.exe
[2010/02/27 10:05:58 | 004,938,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richardson\My Documents\Silverlight.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/11/06 12:56:53 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\4RUNNER.wpd.lnk
[2006/09/17 19:45:42 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\Backups.lnk
[2010/10/22 13:06:08 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\Corel Macros.LNK
[2006/08/29 20:15:35 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Richardson\Favorites\Desktop.ini
[2010/10/31 12:01:22 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\Documents.lnk
[2010/10/22 13:06:08 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\Graphics.LNK
[2010/10/22 13:06:08 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\Personal Files.LNK
[2008/05/20 09:04:16 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Richardson\Favorites\wp51.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/08/26 08:25:15 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Richardson\Cookies\desktop.ini
[2010/11/07 19:36:35 | 000,704,512 | ---- | M] () -- C:\Documents and Settings\Richardson\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1994/11/30 00:00:00 | 000,004,128 | R--- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system\QTNOTIFY.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#22 Broni Re: [RESOLVED] Trojan made computer act crazy


Posted 08 November 2010 - 02:31 AM

One of your main problems is here:

223.00 Mb Total Physical Memory

Very little RAM.
XP needs at least 512MB of RAM to run better (1GB preferable).

==================================================================

Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys -- (CrucialSMBusScan)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
    [2010/10/18 08:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegWork
    [2010/10/18 07:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\RegTask
    [2010/10/18 07:50:48 | 000,348,520 | ---- | C] (Time Pioneer Limited ) -- C:\Documents and Settings\Richardson\My Documents\RegtaskTool_Installer.exe
    [2010/11/05 11:42:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RegTask.job
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.

#23 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 03:13 AM

I will order 1 gig of ram. This computer used to run much better than it does now. It was actually fast to have only 256 megs of ram, not the case now. It now takes 12 minutes to boot. Also when I rebooted my anti virus was not there. I just wanted to make sure it was worth ordering the ram before I do it. I know one time tonight while we were doing things on it that you told me to do I looked and the anti-virus was all of a sudden gone from the taskbar. It was on there and I never removed it. That is what is strange. I will do the rest of the things you wanted me to do and post back the results. Stan

#24 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 03:21 AM

It now takes 12 minutes to boot

This is not normal, even with 256MB of RAM.
You may have some other issues, possibly hardware related.

Let's finish all steps and we'll go from there.

#25 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 03:59 AM

All processes killed
========== OTL ==========
Error: No service named CrucialSMBusScan was found to stop!
Service\Driver key CrucialSMBusScan not found.
File C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys not found.
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys not found.
Starting removal of ActiveX control PackageCab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PackageCab\ not found.
C:\Documents and Settings\All Users\Application Data\RegWork\History folder moved successfully.
C:\Documents and Settings\All Users\Application Data\RegWork folder moved successfully.
C:\Program Files\RegTask\Logs folder moved successfully.
C:\Program Files\RegTask folder moved successfully.
C:\Documents and Settings\Richardson\My Documents\RegtaskTool_Installer.exe moved successfully.
C:\WINDOWS\tasks\RegTask.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService
->Temp folder emptied: 11046 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Richardson
->Temp folder emptied: 9252589 bytes
->Temporary Internet Files folder emptied: 748885 bytes
->Java cache emptied: 1783 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1321 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6566 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

User: Richardson
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11072010_214918

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#26 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 04:01 AM

Good. Go on...

#27 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 04:06 AM

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.4.0
Mozilla Firefox (3.5.6) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#28 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 04:08 AM

Please update Firefox to the current version, 3.6.12.

#29 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 04:27 AM

Broni, I will just uninstall Firefox because I do not use it anymore. Also the time it takes this computer to do things is a problem. I am not sure what is going on but something is really wrong. I do not know how to test the hard drive other than the Windows test using the error checking method. It took 15 minutes to boot after we ran the last fix using the OTL program. Any suggestions on what I should do next? How would I tell if the hardware is the problem? I know in the last few weeks when I open up WordPerfect 8 the screen will go black. Anyway, do you think the system is now virus free? I did not yet run the virus test you told me to. I clicked on it and 20 minutes later it was still doing something but never started. I know this computer used to run much faster than it is now. Thanks for any tips you may have. Stan

#30 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 04:32 AM

I want you to finish all steps (Eset scan) and I'll see what else we can do.

#31 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 04:59 AM

I will see if I can do that tomorrow. Thanks again for your time on this. People like you are rare. Someone willing to help someone today is a special person. You will be repaid one of these days. Thanks again. Stan

#32 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 05:00 AM

You're very welcome

#33 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 01:22 PM

C:\noadwarefullv5.exe multiple threats deleted - quarantined
C:\Documents and Settings\Richardson\My Documents\PerfectOptimizer_V52.exe a variant of Win32/Adware.PerfectOptimizer application deleted - quarantined
C:\System Volume Information\_restore{BFD3FFDF-4FB6-4D00-AF9A-BB5A9227E7BB}\RP1548\A0590200.exe multiple threats deleted - quarantined


I also rounded up another 256 meg of ram and it made a difference in the speed. I may go and order 1 gig. The computer is running a little better than yesterday. Stan

#34 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 07:33 PM

How is boot time?

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

12. Please let me know how your computer is doing.

#35 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 11:31 PM

All processes killed
Error: Unable to interpret <:OTL :OTL > in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService
->Temp folder emptied: 4008 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Richardson
->Temp folder emptied: 403 bytes
->Temporary Internet Files folder emptied: 378276 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11950 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1409 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

User: Richardson
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Richardson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

User: Richardson
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to stop service SRService!

OTL by OldTimer - Version 3.2.17.3 log created on 11082010_164604

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
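
Added example, not part of the thread and not OTL's own code: a small Python triage of an OTL fix log that separates lines needing a second look (`Error:` / `Registry error`) from completed removals and "not found" entries. The sample text is constructed from lines in the two fix logs posted above, and the line patterns are assumptions inferred from those logs, not a documented OTL format.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the two fix logs posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Error: No service named CrucialSMBusScan was found to stop!
Service\Driver key CrucialSMBusScan not found.
File C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys not found.
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\ deleted successfully.
C:\Program Files\RegTask folder moved successfully.
C:\WINDOWS\tasks\RegTask.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
->Temp folder emptied: 9252589 bytes
Error: Unable to stop service SRService!
"""

# Assumed line shapes, inferred from the logs in this thread.
HEADER = re.compile(r"^=+ (.+?) =+$")
DONE = re.compile(r"^(?P<obj>.+?) (?P<verb>moved|deleted|stopped) successfully[.!]$")
CLEANED = re.compile(r"^->(?P<what>.+?) emptied: (?P<n>\d+) bytes$")


def classify(line):
    """Return one of: error, not_found, done, cleaned, info."""
    if line.startswith("Error:") or line.startswith("Registry error"):
        return "error"
    if line.endswith("not found."):
        return "not_found"
    if DONE.match(line):
        return "done"
    if CLEANED.match(line):
        return "cleaned"
    return "info"


def triage(log_text):
    """Summarise a fix log: counts per class, errors to review, objects removed."""
    section = None
    counts = Counter()
    review, removed = [], []
    bytes_cleaned = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1)  # remember which script section we are in
            continue
        kind = classify(line)
        counts[kind] += 1
        if kind == "error":
            review.append((section, line))
        elif kind == "done":
            removed.append(DONE.match(line).group("obj"))
        elif kind == "cleaned":
            bytes_cleaned += int(CLEANED.match(line).group("n"))
    return {"counts": dict(counts), "review": review,
            "removed": removed, "bytes_cleaned": bytes_cleaned}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"])
    for section, line in result["review"]:
        print(f"[review] section={section}: {line}")
```

An `error` line is only a prompt to look again: "No service named ... was found to stop" usually means the entry was already gone, while a failure to stop a service during a restore-point reset is worth confirming by hand.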

#36 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 08 November 2010 - 11:32 PM

Go on....

#37 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 09 November 2010 - 12:59 AM

It's running much better, Broni. I will install the new RAM when I get it and report back. Thanks again so much for your time on helping me. Stan

#38 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 09 November 2010 - 01:08 AM

Way to go!!
Good luck and stay safe :)

#39 claramaecallie Re: [RESOLVED] Trojan made computer act crazy

Posted 11 November 2010 - 01:54 AM

I got the RAM today. I now have 1 gig. The computer runs much faster but I still have problems. I installed Microsoft's antivirus software and since I did the install my CPU is being used 100%. Two things are using it: MSMPENG.EXE and MRT.EXE are eating up the CPU resources. I just removed the Microsoft antivirus and the speed is back, but now when I open up my Corel 8 the screen resolution changes. The screen actually goes black for a few seconds and then it shows very little color, like in safe mode. I close the program and it goes back to normal, but I have to move things to the right or left using the monitor settings so I am able to see what I am viewing. I have Corel 9 installed and it does not do it. I never noticed this happening until I got hit with these trojans; it may not have anything to do with it though. Any way to check this? Also, which one of the antivirus programs you suggested would use less memory? Thanks for any more tips on this computer. Stan

#40 Broni Re: [RESOLVED] Trojan made computer act crazy

Posted 11 November 2010 - 02:00 AM

Before we go anywhere, we need to clarify a couple of things.

1. You installed MSE on November 7th. Did the CPU issue start right then? You didn't say anything.
2. Why do you need two Corel versions?
