Solved Computer Powers Down By Itself

Discussion in 'Malware and Virus Removal Archive' started by writeman47, 2010/07/06.

  1. 2010/07/18
    writeman47 Inactive Thread Starter

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/18 18:26:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/18 18:23:49 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/18 12:58:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/07/16 18:06:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/16 13:48:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/14 09:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ArcSoft
    [2010/07/14 09:53:05 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
    [2010/07/14 09:52:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2010/07/14 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
    [2010/07/14 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2010/07/14 09:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
    [2010/07/12 17:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My TiVo Recordings for Portables
    [2010/07/12 17:18:29 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/12 17:18:28 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/12 17:18:28 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/12 17:18:28 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/12 13:07:00 | 001,189,376 | ---- | C] (TiVo Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\TiVoTransfer.exe
    [2010/07/08 14:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\TiVo Desktop
    [2010/07/08 14:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/07/08 05:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/07/07 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\TiVo
    [2010/06/30 09:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2010
    [2010/06/30 08:54:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
    [2010/06/29 13:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Kindle Content
    [2010/06/29 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/28 17:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Amazon
    [2010/06/24 13:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers
    [2010/06/12 08:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
    [2010/06/11 09:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2010/05/31 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibrize
    [2010/05/24 11:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/05/21 19:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/05/21 18:13:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/05/12 15:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\bootable_usb_flash_drive_files
    [2010/05/12 12:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\fix_mbr_files
    [2010/05/01 10:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Jason Lefmann FB_files
    [2010/04/28 09:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SumatraPDF

    ========== Files - Modified Within 90 Days ==========

    [2010/07/18 18:37:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6ACC229A-6DB3-4E23-AD97-BCD4B9F544EE}.job
    [2010/07/18 18:28:37 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/07/18 18:28:31 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/18 18:28:19 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/18 18:28:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/18 18:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/18 18:27:23 | 012,509,184 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
    [2010/07/18 18:27:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/18 17:52:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/18 13:48:28 | 000,082,234 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\328438.full.gif
    [2010/07/18 13:48:01 | 000,177,370 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\328382.full.gif
    [2010/07/18 13:40:33 | 000,407,067 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tips for Sunscreens and Minimizing Sun Exposure How to Pick a Sunscreen Based on SPF and Ingredients.mht
    [2010/07/18 13:36:22 | 000,000,553 | ---- | M] () -- C:\hpfr5550.xml
    [2010/07/18 13:36:04 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Aug-2010-to-Sep-2010-dYvy.doc
    [2010/07/18 12:58:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/07/18 12:51:12 | 017,207,554 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/17 23:00:12 | 000,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    [2010/07/17 23:00:00 | 000,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    [2010/07/17 13:56:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/17 13:40:00 | 001,475,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Health Discovery Painkillers Increase Heart Attack, Stroke Risks in Healthy - AARP Bulletin.mht
    [2010/07/16 18:06:52 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/16 16:46:54 | 000,526,013 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Colbie_Image_B.jpg
    [2010/07/16 13:40:31 | 003,738,072 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe.GetRight
    [2010/07/16 08:03:37 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary Lefmann's Meds List as of 16 Jul 10.doc
    [2010/07/15 17:56:13 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CrystalDiskInfo.lnk
    [2010/07/15 14:16:15 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Realtek HD Sound Effect Manager.lnk
    [2010/07/15 07:49:03 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\low-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:49:03 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$w-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:48:17 | 000,133,959 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\transporters 6-10.rtf
    [2010/07/15 07:48:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$ansporters 6-10.rtf
    [2010/07/15 07:47:41 | 000,152,140 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\help for lost pets 6-10.rtf
    [2010/07/15 07:47:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$lp for lost pets 6-10.rtf
    [2010/07/15 07:47:10 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\financial aid for pets 6-10.doc
    [2010/07/15 07:47:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$nancial aid for pets 6-10.doc
    [2010/07/15 07:46:40 | 000,053,440 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\pet food banks 6-10.rtf
    [2010/07/15 07:46:40 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$t food banks 6-10.rtf
    [2010/07/14 09:53:00 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
    [2010/07/14 08:58:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\9bvmfypp.exe
    [2010/07/13 14:42:28 | 000,530,084 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/13 14:42:28 | 000,461,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/13 14:42:28 | 000,079,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/13 14:31:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Quotes I Like.doc
    [2010/07/13 11:35:36 | 000,001,155 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-2.csv
    [2010/07/12 17:18:02 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/12 17:18:02 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/12 17:18:02 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/12 17:18:02 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/12 17:18:01 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/12 09:00:27 | 001,133,338 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Firearms Safety in the Home.PDF
    [2010/07/12 08:03:19 | 001,777,717 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\July Newsletter.pdf
    [2010/07/09 16:15:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/07/08 16:20:09 | 000,355,282 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\private detective_security application.pdf
    [2010/07/08 14:23:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/08 07:13:32 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/07/06 11:19:50 | 000,001,153 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/06 10:30:24 | 000,154,075 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Re Request for Money for Security Team Headsets.eml
    [2010/07/05 17:09:40 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Security Team Roster updtd 5Jul10.xls
    [2010/07/01 12:43:31 | 005,692,835 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Zx1_xUG_GLB_en.pdf
    [2010/06/30 09:56:56 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\license.xbin
    [2010/06/30 09:56:46 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
    [2010/06/30 09:06:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/06/30 09:06:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/06/30 09:01:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/30 08:58:50 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2010/06/30 08:56:49 | 000,020,394 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100630_085632.reg
    [2010/06/28 17:58:37 | 000,035,563 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Authors I Like.doc
    [2010/06/24 15:32:12 | 000,231,936 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\marapr10newsletter.doc
    [2010/06/24 13:40:09 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/06/24 10:37:27 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/23 14:01:55 | 003,112,200 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PCMatic Ref Guide.PDF
    [2010/06/23 13:51:31 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
    [2010/06/23 09:39:34 | 000,116,224 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/22 15:47:20 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.doc
    [2010/06/22 15:46:07 | 000,015,558 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.docx
    [2010/06/22 08:58:06 | 000,013,651 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rx needed June 2010.docx
    [2010/06/21 18:37:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/06/21 18:07:39 | 000,624,170 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\MotorolaXTN%20Series%20Accessories.pdf
    [2010/06/20 14:03:35 | 000,110,557 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jul-2010-to-Aug-2010-NgW2.rtf
    [2010/06/20 14:01:45 | 000,107,478 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSf1-Jul-2010-to-Aug-2010-N93P.rtf
    [2010/06/13 15:26:03 | 001,505,732 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter.pdf
    [2010/06/13 15:23:52 | 001,505,732 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter-1.pdf
    [2010/06/11 09:52:04 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EVEREST Home Edition.lnk
    [2010/06/10 11:13:13 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-1.csv
    [2010/06/10 11:13:07 | 000,013,506 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp.csv
    [2010/06/10 10:36:11 | 000,093,187 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Memories of Zoey.docx
    [2010/06/09 10:06:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of Security Team Roster updtd 24May09.xls
    [2010/06/09 09:37:34 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/05 11:50:53 | 002,576,379 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1B56DD79d01.pdf
    [2010/06/05 11:49:44 | 000,755,537 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Me_and_Web_Shadow_Excerpt_REV.pdf
    [2010/06/03 13:46:09 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Lynne's Meds List as of 03 Jun 10.doc
    [2010/06/03 13:41:58 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary's Meds List1 as of 03 Jun 10.doc
    [2010/06/03 13:39:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary's Meds List1 as of 20 Jan 10.doc
    [2010/05/29 10:14:09 | 000,582,294 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\79CAF680d01.pdf
    [2010/05/28 11:20:11 | 000,013,173 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\2010 Donations.docx
    [2010/05/24 11:58:19 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/05/21 19:05:42 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/05/18 08:48:33 | 000,110,703 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jun-2010-to-Jul-2010-7SD0.rtf
    [2010/05/13 09:10:26 | 002,320,114 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Samsung Intensity User Manual.PDF
    [2010/05/12 15:08:31 | 000,036,223 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\bootable_usb_flash_drive.html
    [2010/05/12 12:15:32 | 000,040,311 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\fix_mbr.html
    [2010/05/07 16:25:18 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.doc
    [2010/05/07 16:24:53 | 000,014,991 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.docx
    [2010/05/05 10:25:04 | 001,324,805 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\A45B6D42d01.pdf
    [2010/05/01 10:17:41 | 000,114,226 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jason Lefmann FB.htm
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 10:58:14 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/04/26 12:24:39 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
    [2010/04/23 10:20:03 | 000,014,626 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Community Bible Church Membership Discount Application(2010).docx
    [2010/04/22 09:24:14 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary Medical History.xls
    [2010/04/22 09:23:59 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Medical History Gary.xls

    ========== Files Created - No Company Name ==========

    [2010/07/18 13:48:28 | 000,082,234 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\328438.full.gif
    [2010/07/18 13:48:00 | 000,177,370 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\328382.full.gif
    [2010/07/18 13:40:32 | 000,407,067 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tips for Sunscreens and Minimizing Sun Exposure How to Pick a Sunscreen Based on SPF and Ingredients.mht
    [2010/07/18 13:36:04 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Aug-2010-to-Sep-2010-dYvy.doc
    [2010/07/17 13:39:52 | 001,475,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Health Discovery Painkillers Increase Heart Attack, Stroke Risks in Healthy - AARP Bulletin.mht
    [2010/07/16 18:06:52 | 000,000,281 | ---- | C] () -- C:\Boot.bak
    [2010/07/16 16:47:15 | 000,526,013 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Colbie_Image_B.jpg
    [2010/07/16 13:40:21 | 003,738,072 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe.GetRight
    [2010/07/16 08:03:36 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary Lefmann's Meds List as of 16 Jul 10.doc
    [2010/07/15 17:56:13 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CrystalDiskInfo.lnk
    [2010/07/15 14:16:15 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Realtek HD Sound Effect Manager.lnk
    [2010/07/15 07:49:03 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\low-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:49:03 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$w-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:48:17 | 000,133,959 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\transporters 6-10.rtf
    [2010/07/15 07:48:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$ansporters 6-10.rtf
    [2010/07/15 07:47:41 | 000,152,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\help for lost pets 6-10.rtf
    [2010/07/15 07:47:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$lp for lost pets 6-10.rtf
    [2010/07/15 07:47:10 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\financial aid for pets 6-10.doc
    [2010/07/15 07:47:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$nancial aid for pets 6-10.doc
    [2010/07/15 07:46:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$t food banks 6-10.rtf
    [2010/07/15 07:46:39 | 000,053,440 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\pet food banks 6-10.rtf
    [2010/07/14 09:53:00 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
    [2010/07/14 08:58:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\9bvmfypp.exe
    [2010/07/12 09:00:46 | 001,133,338 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Firearms Safety in the Home.PDF
    [2010/07/12 08:09:28 | 001,777,717 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\July Newsletter.pdf
    [2010/07/08 16:21:38 | 000,355,282 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\private detective_security application.pdf
    [2010/07/08 14:23:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/07/06 10:30:24 | 000,154,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Re Request for Money for Security Team Headsets.eml
    [2010/07/05 16:54:43 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Security Team Roster updtd 5Jul10.xls
    [2010/07/01 12:42:11 | 005,692,835 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Zx1_xUG_GLB_en.pdf
    [2010/06/30 09:56:46 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
    [2010/06/30 08:56:38 | 000,020,394 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100630_085632.reg
    [2010/06/29 13:17:44 | 000,001,632 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    [2010/06/29 07:28:09 | 012,509,184 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
    [2010/06/25 12:24:02 | 000,001,632 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    [2010/06/24 15:32:11 | 000,231,936 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\marapr10newsletter.doc
    [2010/06/24 13:40:02 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/06/23 14:06:37 | 003,112,200 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PCMatic Ref Guide.PDF
    [2010/06/23 13:51:31 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
    [2010/06/22 15:47:19 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.doc
    [2010/06/22 15:31:29 | 000,015,558 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.docx
    [2010/06/22 08:51:18 | 000,013,651 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rx needed June 2010.docx
    [2010/06/21 18:08:48 | 000,624,170 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\MotorolaXTN%20Series%20Accessories.pdf
    [2010/06/20 14:03:34 | 000,110,557 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jul-2010-to-Aug-2010-NgW2.rtf
    [2010/06/20 14:01:45 | 000,107,478 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSf1-Jul-2010-to-Aug-2010-N93P.rtf
    [2010/06/13 15:26:02 | 001,505,732 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter.pdf
    [2010/06/13 15:25:30 | 001,505,732 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter-1.pdf
    [2010/06/11 09:52:04 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EVEREST Home Edition.lnk
    [2010/06/10 10:45:19 | 000,001,155 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-2.csv
    [2010/06/10 10:45:06 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-1.csv
    [2010/06/10 10:44:52 | 000,013,506 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp.csv
    [2010/06/10 10:25:07 | 000,093,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Memories of Zoey.docx
    [2010/06/09 10:06:30 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of Security Team Roster updtd 24May09.xls
    [2010/06/05 11:51:06 | 002,576,379 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1B56DD79d01.pdf
    [2010/06/05 11:50:38 | 000,755,537 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Me_and_Web_Shadow_Excerpt_REV.pdf
    [2010/06/03 13:44:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Lynne's Meds List as of 03 Jun 10.doc
    [2010/06/03 13:40:39 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary's Meds List1 as of 03 Jun 10.doc
    [2010/05/29 10:14:09 | 000,582,294 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\79CAF680d01.pdf
    [2010/05/28 11:12:35 | 000,013,173 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\2010 Donations.docx
    [2010/05/21 18:42:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls
    [2010/05/21 18:41:59 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\locale.nls
    [2010/05/21 18:41:53 | 000,079,996 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
    [2010/05/18 08:48:33 | 000,110,703 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jun-2010-to-Jul-2010-7SD0.rtf
    [2010/05/13 09:15:38 | 002,320,114 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Samsung Intensity User Manual.PDF
    [2010/05/12 15:08:30 | 000,036,223 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\bootable_usb_flash_drive.html
    [2010/05/12 12:15:26 | 000,040,311 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\fix_mbr.html
    [2010/05/07 16:25:18 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.doc
    [2010/05/07 16:24:53 | 000,014,991 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.docx
    [2010/05/05 10:29:16 | 001,324,805 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\A45B6D42d01.pdf
    [2010/05/01 10:17:39 | 000,114,226 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jason Lefmann FB.htm
    [2010/04/26 12:24:39 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
    [2010/04/23 10:20:03 | 000,014,626 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Community Bible Church Membership Discount Application(2010).docx
    [2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/07/14 12:57:38 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/05/27 13:51:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
    [2008/11/01 09:18:37 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2008/10/24 09:27:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/12/27 15:17:33 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2007/12/19 15:28:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2007/12/04 17:12:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/10/26 10:20:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/10/17 11:00:14 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpsjbmgr.ini
    [2007/10/17 10:57:05 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2007/10/17 10:57:05 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2007/10/17 10:57:04 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\hpscan32.dll
    [2007/08/07 19:20:13 | 000,001,432 | ---- | C] () -- C:\WINDOWS\cgzk_hv.ini
    [2007/07/18 13:45:14 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
    [2007/07/18 06:20:47 | 000,005,816 | ---- | C] () -- C:\WINDOWS\System32\casigmgr32s.dll
    [2007/06/09 10:52:38 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2007/06/01 13:30:27 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2007/04/30 09:57:43 | 000,046,240 | ---- | C] () -- C:\WINDOWS\Awmodem.ini
    [2007/04/21 09:30:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/11/27 12:13:05 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
    [2006/11/21 11:47:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/11/19 14:02:24 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
    [2006/11/16 21:28:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/11/02 16:35:36 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
    [2006/09/22 15:11:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/09/22 14:48:27 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/09/22 14:42:20 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/09/22 14:42:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/09/22 14:38:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/09/22 14:25:07 | 000,000,193 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/09/22 14:24:30 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/09/22 14:17:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/09/22 14:13:39 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/09/22 14:13:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/09/22 14:12:15 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/09/22 13:48:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/10 00:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2004/08/10 00:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
    [2004/08/10 00:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
    [2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2009/12/21 12:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2006/09/22 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2009/03/20 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2010/02/12 14:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
    [2009/01/21 18:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/04/24 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009/06/12 08:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/02/23 10:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2008/04/05 08:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2007/09/16 14:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2009/12/21 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
    [2010/07/13 15:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2007/02/22 14:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2006/11/17 14:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2007/12/27 11:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/01/17 17:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/12 17:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
    [2007/07/03 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2008/01/18 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2007/08/02 13:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2010/04/19 08:56:14 | 000,001,022 | -H-- | M] () -- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    [2010/07/18 18:37:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6ACC229A-6DB3-4E23-AD97-BCD4B9F544EE}.job
    [2010/07/17 23:00:12 | 000,001,632 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    [2010/07/17 23:00:00 | 000,001,632 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job

    ========== Purity Check ==========


    < End of report >
     
  2. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Last scan...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     

  4. 2010/07/19
    writeman47

    FYI, power shut down by itself once yesterday while I was working and again overnight.

    TFC downloaded and run.

    Kaspersky download was running extremely slowly. After an hour and a half, and only about 30% downloaded, internet connection was lost. (I hate Charter :( )

    Will attempt to download Kaspersky again.
     
  5. 2010/07/19
    broni

    If Kaspersky still gives you fits....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  6. 2010/07/19
    writeman47

    Kaspersky downloading for another hour and a half, and only at 28%. Closed program and tried to use ESET. Got message: Unable to load updates. Is proxy configured?

    Beats me.
     
  7. 2010/07/19
    broni

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  8. 2010/07/19
    writeman47

    The BD scanner ran almost two hours, and then I hit the wrong button, because I didn't print out this page first. I exported the file instead of viewing the file. Hope you can work with this.

    BitDefender Online Scanner

    Scan report generated at: Mon, Jul 19, 2010 - 14:57:38

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;K:\;

    Statistics

    Time: 01:50:02
    Files: 638935
    Folders: 15095
    Boot Sectors: 0
    Archives: 63790
    Packed Files: 34919

    Results

    Identified Viruses: 14
    Infected Files: 32
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 29

    Engines Info

    Virus Definitions: 6559215
    Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)
    Scan plugins: 18
    Archive plugins: 44
    Unpack plugins: 10
    E-mail plugins: 6
    System plugins: 4

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File

    Status

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:21 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-3

    Infected with: Trojan.Isbar.R

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:21 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-31.50.3-3

    Deleted

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:21 -0400]=>(MIME part)

    Updated

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)

    Updated

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts

    Updated

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:55 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-3

    Infected with: Trojan.Isbar.R

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:55 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-31.50.3-3

    Deleted

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:55 -0400]=>(MIME part)

    Updated

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)

    Updated

    C:\Documents and Settings\HP_Administrator\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1203)=>[Subject: Happy New Year!][Date: Fri, 29 Dec 2006 23:21:01 -1000]=>(MIME part)

    Infected with: Trojan.Script.171215

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1203)=>[Subject: Happy New Year!][Date: Fri, 29 Dec 2006 23:21:01 -1000]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1203)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1215)=>[Subject: Wish You Smiles And Good Cheer!][Date: Sun, 31 Dec 2006 01:36:55 +0900]=>(MIME part)

    Infected with: Trojan.Script.107775

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1215)=>[Subject: Wish You Smiles And Good Cheer!][Date: Sun, 31 Dec 2006 01:36:55 +0900]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1215)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1220)=>[Subject: Happy 2007!][Date: Sat, 30 Dec 2006 12:51:49 -0700]=>(MIME part)

    Infected with: Trojan.Script.107775

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1220)=>[Subject: Happy 2007!][Date: Sat, 30 Dec 2006 12:51:49 -0700]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1220)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1228)=>[Subject: Welcome 2007!][Date: Sun, 31 Dec 2006 01:39:58 -0600]=>(MIME part)

    Infected with: Trojan.Script.198361

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1228)=>[Subject: Welcome 2007!][Date: Sun, 31 Dec 2006 01:39:58 -0600]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1228)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1737)=>[Subject: Our Love is Free][Date: Mon, 22 Jan 2007 12:43:42 -0800]=>(MIME part)=>Postcard.exe

    Infected with: Trojan.Generic.560650

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1737)=>[Subject: Our Love is Free][Date: Mon, 22 Jan 2007 12:43:42 -0800]=>(MIME part)=>Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1737)=>[Subject: Our Love is Free][Date: Mon, 22 Jan 2007 12:43:42 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1737)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1796)=>[Subject: I Think of You][Date: Wed, 24 Jan 2007 12:57:13 -0500]=>(MIME part)=>greeting card.exe

    Infected with: Win32.Generic.496195

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1796)=>[Subject: I Think of You][Date: Wed, 24 Jan 2007 12:57:13 -0500]=>(MIME part)=>greeting card.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1796)=>[Subject: I Think of You][Date: Wed, 24 Jan 2007 12:57:13 -0500]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1796)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1867)=>[Subject: This Day Forward][Date: Sun, 28 Jan 2007 02:51:29 +0800]=>(MIME part)=>Greeting Postcard.exe

    Infected with: Worm.Generic.59513

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1867)=>[Subject: This Day Forward][Date: Sun, 28 Jan 2007 02:51:29 +0800]=>(MIME part)=>Greeting Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1867)=>[Subject: This Day Forward][Date: Sun, 28 Jan 2007 02:51:29 +0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 1867)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2027)=>[Subject: When I'm With You][Date: Sat, 3 Feb 2007 17:06:49 -0800]=>(MIME part)=>greeting postcard.exe

    Infected with: Trojan.Generic.557028

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2027)=>[Subject: When I'm With You][Date: Sat, 3 Feb 2007 17:06:49 -0800]=>(MIME part)=>greeting postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2027)=>[Subject: When I'm With You][Date: Sat, 3 Feb 2007 17:06:49 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2027)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2039)=>[Subject: Full Heart][Date: Mon, 5 Feb 2007 06:55:26 +0800]=>(MIME part)=>postcard.exe

    Infected with: Trojan.Generic.534070

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2039)=>[Subject: Full Heart][Date: Mon, 5 Feb 2007 06:55:26 +0800]=>(MIME part)=>postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2039)=>[Subject: Full Heart][Date: Mon, 5 Feb 2007 06:55:26 +0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2039)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2083)=>[Subject: I Think of You][Date: Tue, 6 Feb 2007 10:04:57 -0800]=>(MIME part)=>Flash Postcard.exe

    Infected with: Trojan.Generic.3951887

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2083)=>[Subject: I Think of You][Date: Tue, 6 Feb 2007 10:04:57 -0800]=>(MIME part)=>Flash Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2083)=>[Subject: I Think of You][Date: Tue, 6 Feb 2007 10:04:57 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2083)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2147)=>[Subject: Memories][Date: Thu, 8 Feb 2007 09:41:43 -0800]=>(MIME part)=>greeting postcard.exe

    Infected with: Trojan.Generic.3579774

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2147)=>[Subject: Memories][Date: Thu, 8 Feb 2007 09:41:43 -0800]=>(MIME part)=>greeting postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2147)=>[Subject: Memories][Date: Thu, 8 Feb 2007 09:41:43 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2147)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2153)=>[Subject: A Hug & Roses][Date: Thu, 8 Feb 2007 15:53:08 -0500]=>(MIME part)=>Greeting Postcard.exe

    Infected with: Trojan.Generic.3283650

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2153)=>[Subject: A Hug & Roses][Date: Thu, 8 Feb 2007 15:53:08 -0500]=>(MIME part)=>Greeting Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2153)=>[Subject: A Hug & Roses][Date: Thu, 8 Feb 2007 15:53:08 -0500]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox=>(message 2153)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Inbox

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1135)=>[Subject: Happy New Year!][Date: Fri, 29 Dec 2006 23:21:01 -1000]=>(MIME part)

    Infected with: Trojan.Script.171215

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1135)=>[Subject: Happy New Year!][Date: Fri, 29 Dec 2006 23:21:01 -1000]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1135)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1159)=>[Subject: Wish You Smiles And Good Cheer!][Date: Sun, 31 Dec 2006 01:36:55 +0900]=>(MIME part)

    Infected with: Trojan.Script.107775

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1159)=>[Subject: Wish You Smiles And Good Cheer!][Date: Sun, 31 Dec 2006 01:36:55 +0900]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1159)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1169)=>[Subject: Happy 2007!][Date: Sat, 30 Dec 2006 12:51:49 -0700]=>(MIME part)

    Infected with: Trojan.Script.107775

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1169)=>[Subject: Happy 2007!][Date: Sat, 30 Dec 2006 12:51:49 -0700]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1169)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1179)=>[Subject: Welcome 2007!][Date: Sun, 31 Dec 2006 01:39:58 -0600]=>(MIME part)

    Infected with: Trojan.Script.198361

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1179)=>[Subject: Welcome 2007!][Date: Sun, 31 Dec 2006 01:39:58 -0600]=>(MIME part)

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1179)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1703)=>[Subject: Our Love is Free][Date: Mon, 22 Jan 2007 12:43:42 -0800]=>(MIME part)=>Postcard.exe

    Infected with: Trojan.Generic.560650

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1703)=>[Subject: Our Love is Free][Date: Mon, 22 Jan 2007 12:43:42 -0800]=>(MIME part)=>Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1703)=>[Subject: Our Love is Free][Date: Mon, 22 Jan 2007 12:43:42 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1703)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1748)=>[Subject: I Think of You][Date: Wed, 24 Jan 2007 12:57:13 -0500]=>(MIME part)=>greeting card.exe

    Infected with: Win32.Generic.496195

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1748)=>[Subject: I Think of You][Date: Wed, 24 Jan 2007 12:57:13 -0500]=>(MIME part)=>greeting card.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1748)=>[Subject: I Think of You][Date: Wed, 24 Jan 2007 12:57:13 -0500]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1748)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1801)=>[Subject: This Day Forward][Date: Sun, 28 Jan 2007 02:51:29 +0800]=>(MIME part)=>Greeting Postcard.exe

    Infected with: Worm.Generic.59513

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1801)=>[Subject: This Day Forward][Date: Sun, 28 Jan 2007 02:51:29 +0800]=>(MIME part)=>Greeting Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1801)=>[Subject: This Day Forward][Date: Sun, 28 Jan 2007 02:51:29 +0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1801)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1955)=>[Subject: Full Heart][Date: Mon, 5 Feb 2007 06:55:26 +0800]=>(MIME part)=>postcard.exe

    Infected with: Trojan.Generic.534070

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1955)=>[Subject: Full Heart][Date: Mon, 5 Feb 2007 06:55:26 +0800]=>(MIME part)=>postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1955)=>[Subject: Full Heart][Date: Mon, 5 Feb 2007 06:55:26 +0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1955)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1985)=>[Subject: I Think of You][Date: Tue, 6 Feb 2007 10:04:57 -0800]=>(MIME part)=>Flash Postcard.exe

    Infected with: Trojan.Generic.3951887

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1985)=>[Subject: I Think of You][Date: Tue, 6 Feb 2007 10:04:57 -0800]=>(MIME part)=>Flash Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1985)=>[Subject: I Think of You][Date: Tue, 6 Feb 2007 10:04:57 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 1985)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2036)=>[Subject: A Hug & Roses][Date: Thu, 8 Feb 2007 15:53:08 -0500]=>(MIME part)=>Greeting Postcard.exe

    Infected with: Trojan.Generic.3283650

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2036)=>[Subject: A Hug & Roses][Date: Thu, 8 Feb 2007 15:53:08 -0500]=>(MIME part)=>Greeting Postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2036)=>[Subject: A Hug & Roses][Date: Thu, 8 Feb 2007 15:53:08 -0500]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2036)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2073)=>[Subject: Memories][Date: Thu, 8 Feb 2007 09:41:43 -0800]=>(MIME part)=>greeting postcard.exe

    Infected with: Trojan.Generic.3579774

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2073)=>[Subject: Memories][Date: Thu, 8 Feb 2007 09:41:43 -0800]=>(MIME part)=>greeting postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2073)=>[Subject: Memories][Date: Thu, 8 Feb 2007 09:41:43 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2073)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2086)=>[Subject: When I'm With You][Date: Sat, 3 Feb 2007 17:06:49 -0800]=>(MIME part)=>greeting postcard.exe

    Infected with: Trojan.Generic.557028

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2086)=>[Subject: When I'm With You][Date: Sat, 3 Feb 2007 17:06:49 -0800]=>(MIME part)=>greeting postcard.exe

    Deleted

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2086)=>[Subject: When I'm With You][Date: Sat, 3 Feb 2007 17:06:49 -0800]=>(MIME part)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash=>(message 2086)

    Updated

    C:\Documents and Settings\Lynne\Application Data\Thunderbird\Profiles\3rf80xzv.default\Mail\Local Folders\Trash

    Updated

    C:\Program Files\MusicMatch\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz=>(ZIP Sfx g)=>offline.mmz=>(ZIP Sfx g)=>KillTi.exe

    Detected with: Application.KillTi.A

    C:\Program Files\MusicMatch\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz=>(ZIP Sfx g)=>offline.mmz=>(ZIP Sfx g)=>KillTi.exe

    Disinfection failed

    C:\Program Files\MusicMatch\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz=>(ZIP Sfx g)=>offline.mmz=>KillTi.exe

    Detected with: Application.KillTi.A

    C:\Program Files\MusicMatch\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz=>(ZIP Sfx g)=>offline.mmz=>KillTi.exe

    Disinfection failed

    C:\Program Files\MusicMatch\MusicMatch Jukebox\WebSys\offline.mmz=>(ZIP Sfx g)=>KillTi.exe

    Detected with: Application.KillTi.A

    C:\Program Files\MusicMatch\MusicMatch Jukebox\WebSys\offline.mmz=>(ZIP Sfx g)=>KillTi.exe

    Disinfection failed

    C:\Program Files\MusicMatch\MusicMatch Jukebox\WebSys\offline.mmz=>KillTi.exe

    Detected with: Application.KillTi.A

    C:\Program Files\MusicMatch\MusicMatch Jukebox\WebSys\offline.mmz=>KillTi.exe

    Deleted

    C:\Program Files\MusicMatch\MusicMatch Jukebox\WebSys\offline.mmz

    Update failed

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:21 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-3.exe

    Infected with: Trojan.Isbar.R

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:21 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-3.exe

    Deleted

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:21 -0400]=>(MIME part)

    Updated

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 11)

    Updated

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts

    Updated

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:55 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-3.exe

    Infected with: Trojan.Isbar.R

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:55 -0400]=>(MIME part)=>SmileyCentralSetup2.1.50.3-3.exe

    Deleted

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)=>[From: Lynne Lefmann ][Date: Mon, 11 Sep 2006 14:08:55 -0400]=>(MIME part)

    Updated

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts=>(message 12)

    Updated

    K:\My Documents\Thunderbird\Profiles\s4q4bqwi.default\Mail\Local Folders\Drafts

    Updated
     
  9. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is that all, or is more coming?
     
  10. 2010/07/19
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    That's the entire contents of the HTML file the export action saved the log as.
     
  11. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Good :)
    As you can see from the report, most of the found infected items come from your mail.
    In the future, you have to be more careful with what you open....


    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  12. 2010/07/21
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    The power shutdown has not yet re-occurred. I am hopeful that problem has been resolved. I've completed all the recommendations above. The only thing that seems to be happening now is that both Firefox and IE7 are extremely sluggish. I successfully installed XP SP3 which I've never been able to do before. IE8 does not seem to be compatible with my AMD processor, so I'm sticking with IE7 for now.

    Thank you for devoting so much time and effort to helping me solve my issue. I appreciate it greatly.
     
  13. 2010/07/21
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    Spent the day fine tuning and everything looked great. Then just now the computer turned itself off again. Grrrrrr. Are we back to power supply?
     
  14. 2010/07/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    At this point, your computer is totally clean, so you may have some other issues as well.
    I suggest you start a new topic in the Windows or hardware forum.

    Good luck :)
     
