Trojan horse Agent3.WJV [Solved]


#16 Reddoug (Member, Topic Starter, 291 posts)

Hi

Sometimes it runs pretty good for what RAM is in it, and then other times it runs pretty slow. It is better than when we started; it shuts down without holding the power button. Sometimes you can watch graphics go away when I close or minimize a program. I can hear the hard drive working a lot. I have run TFC cleaner and I use Auslogics disk defrag with the optimize option. That helped some. Would it be advisable to run the OTL or GMER scans that I was unable to run from the desktop before? What do you think of Microsoft Security Essentials compared to AVG Free? The biggest thing I like about AVG is the scan logs to know if scans are being done.

Thanks, Doug

#17 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

> Would it be advisable to run the OTL or GMER scans that I was unable to run from the desktop before?

No need for them now. We used other programs to get the info I needed :)

> What do you think of Microsoft Security Essentials compared to AVG Free? The biggest thing I like about AVG is the scan logs to know if scans are being done.

I've become a big fan of Microsoft Security Essentials. I would strongly recommend it for this machine because it uses very, very low system resources.

Step 1

Please download ResetDMS from the link below. You must right click on the link and choose Save as... Save it as resetdma.vbs on your desktop.

ResetDMS

Double click it to run it.

Restart your machine and let me know how your machine is running now.

Step 2

Please try to run Combofix one more time. Post log after the scan.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log

It would be helpful if you could post each log in a separate post.

#18 Reddoug (Member, Topic Starter, 291 posts)

Hi

Below are the logs for OTL and ComboFix. ComboFix ran for 8 hours. I got up at 5 AM this morning and it was just finishing up. I did run ResetDMS before I ran the scans.

Thanks, Doug


OTL logfile created on: 5/13/2012 7:56:00 PM - Run 4
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Lazer Graphics\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 132.21 Mb Available Physical Memory | 26.72% Memory free
1.13 Gb Paging File | 0.87 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.38 Gb Free Space | 79.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-RJB6SXQFOI | User Name: Lazer Graphics | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/13 19:51:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/11 16:21:52 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2003/09/03 21:33:54 | 000,106,496 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
PRC - [2003/09/03 21:11:50 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:15:00 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_27bc1145\system.drawing.dll
MOD - [2012/04/12 03:14:17 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5cbcb4f3\system.windows.forms.dll
MOD - [2012/04/12 03:13:19 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/11 04:09:41 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6702bffa\mscorlib.dll
MOD - [2012/01/11 04:09:27 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_33884e5d\system.xml.dll
MOD - [2012/01/11 04:09:05 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_21a043f8\system.dll
MOD - [2012/01/11 04:08:54 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/11 04:08:52 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/08/19 22:27:25 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/04/22 00:56:57 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2003/09/03 21:11:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\mcrdchkr.dll
MOD - [2003/09/03 21:11:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\regutil.dll
MOD - [2003/07/29 04:45:10 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBRPP5C.DLL
MOD - [2002/01/02 20:12:23 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2002/01/02 20:12:23 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2002/01/02 20:12:18 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2002/01/02 20:11:55 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2002/01/02 20:11:32 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2002/01/02 20:11:32 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2002/01/02 20:11:32 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2002/01/02 20:11:32 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2002/01/02 20:11:31 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2002/01/02 20:11:30 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2002/01/02 20:11:30 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2002/01/02 20:11:30 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2002/01/02 20:11:30 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2002/01/02 20:11:30 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2002/01/02 20:11:29 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2002/01/02 20:11:29 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2002/01/02 20:11:29 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2002/01/02 20:11:29 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2002/01/02 20:09:57 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2002/01/02 20:09:57 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2002/01/02 20:09:57 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2002/01/02 20:09:57 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2002/01/02 20:09:56 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2002/01/02 20:09:56 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/02/27 17:20:22 | 001,204,416 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/02/27 17:19:14 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2005/09/11 16:21:52 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/18 19:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dc_enum.sys -- (USBSANDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdobex.sys -- (UsbSADObex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdmodem.sys -- (USBSADModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbddiag.sys -- (UsbSADDiag)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Lazer Graphics\My Documents\PC Tools\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgcpo.sys -- (lgcpo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KATIES~1\LOCALS~1\Temp\ddxgb.sys -- (ddxgb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LAZERG~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cdc_ecm.sys -- (cdc_ecm)
DRV - [2012/05/12 20:48:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/12/04 08:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/09/04 16:03:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 12:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/14 15:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2002/01/11 09:54:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {34e26447-bf30-4c78-a5b9-61dfa8a55e67}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0662A485-A771-49E1-B4FF-DE4B644E01B5}: "URL" = http://websearch.ask...03-4BA90E68D772
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKCU\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://findgala.com/...1I7ADRA_enUS446
IE - HKCU\..\SearchScopes\{85BB23C7-0F67-4250-6758-200ACEDDE7FE}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\DailyBibleGuide\bar\1.bin [2012/02/26 11:42:18 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - http://tbedits.daily...1B&n=2011110315 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1310159303093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} http://download.spys...rcabinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A254EC2C-C5C6-476F-A946-90BFCE555F47}: DhcpNameServer = 12.241.16.50 12.241.16.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDF2DCA4-C890-432E-8B7A-0A0C8BDD3BF2}: DhcpNameServer = 74.134.1.164 74.134.1.166
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 16:08:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{803fb104-0841-11d6-8abd-c3a146524b30}\Shell - "" = AutoRun
O33 - MountPoints2\{803fb104-0841-11d6-8abd-c3a146524b30}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{803fb104-0841-11d6-8abd-c3a146524b30}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 19:51:12 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/13 06:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SiSoftware
[2012/05/13 06:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012/05/13 06:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\My Documents\san1122a
[2012/05/13 06:41:40 | 000,641,975 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Lazer Graphics\My Documents\hdtune_253.exe
[2012/05/12 20:45:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/12 07:24:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lazer Graphics\Desktop\aswMBR.exe
[2012/05/12 07:11:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/12 07:01:02 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lazer Graphics\Desktop\tdsskiller.exe
[2012/05/11 19:52:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/11 19:28:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/11 19:28:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/11 19:28:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/11 19:28:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/11 19:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/11 19:21:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/11 19:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 18:44:34 | 004,490,638 | R--- | C] (Swearware) -- C:\Documents and Settings\Lazer Graphics\Desktop\ComboFix.exe
[2012/05/10 07:05:30 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/05/10 07:05:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/09 16:32:37 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/05/09 16:32:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/09 16:32:36 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/05/09 16:32:35 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/05/09 16:32:35 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/05/09 16:32:35 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/05/09 16:32:27 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/05/09 16:32:27 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/05/09 16:32:26 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/09 16:32:26 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/05/09 16:32:25 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/05/09 16:32:25 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/05/09 16:32:25 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/05/09 16:32:24 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/05/09 16:32:24 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/05/09 16:32:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/05/09 16:32:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/05/09 16:31:47 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/05/09 16:31:46 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/09 16:31:46 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/09 16:31:45 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/09 16:31:45 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/09 16:31:44 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/09 16:31:44 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/05/09 16:31:44 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/05/09 16:31:42 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/09 16:31:41 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/05/09 16:31:41 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/05/09 16:31:40 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/05/09 16:31:39 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/09 16:31:39 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/05/09 16:31:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/05/09 16:31:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/05/09 16:31:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/05/09 16:31:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/05/09 16:31:36 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/09 16:31:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/05/09 16:31:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/09 16:31:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/05/09 16:31:34 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/05/09 16:31:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/05/05 21:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\Start Menu\Programs\Revo Uninstaller
[2012/05/05 21:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/05 15:13:34 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/05/01 18:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 18:59:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/01 18:43:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/01 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\My Documents\Denny's
[2012/05/01 12:03:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/04/26 17:55:06 | 000,000,000 | -H-D | C] -- C:\Recycl
[6 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/13 19:55:20 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/13 19:54:21 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\resetdma.vbs
[2012/05/13 19:53:29 | 000,302,592 | ---- | M] () -- C:\efbl1m1j.exe
[2012/05/13 19:51:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/13 19:46:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 19:45:24 | 000,000,023 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2012/05/13 19:45:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 06:46:01 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SiSoftware Sandra Lite XI.SP1a.lnk
[2012/05/13 06:35:56 | 013,469,937 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\san1122a.zip
[2012/05/13 06:33:32 | 000,641,975 | ---- | M] (EFD Software ) -- C:\Documents and Settings\Lazer Graphics\My Documents\hdtune_253.exe
[2012/05/12 20:48:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/12 19:23:55 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35E7ABF2-0DA8-4115-A68A-32400ED5601E}.job
[2012/05/12 18:28:08 | 001,031,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 14:51:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 14:45:06 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 14:45:06 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 13:23:32 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\MBR.zip
[2012/05/12 13:06:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\MBR.dat
[2012/05/12 07:24:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lazer Graphics\Desktop\aswMBR.exe
[2012/05/12 07:11:52 | 000,001,122 | ---- | M] () -- C:\WINDOWS\System32\C__Documents and Settings_LocalService.NT AUTHORITY_Local Settings_Temporary Internet Files_Content.IE5_MRAV9ZNC_CA41IFVP.HTM
[2012/05/12 07:01:40 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lazer Graphics\Desktop\tdsskiller.exe
[2012/05/11 19:52:30 | 000,000,418 | RHS- | M] () -- C:\boot.ini
[2012/05/11 18:51:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/11 18:44:38 | 004,490,638 | R--- | M] (Swearware) -- C:\Documents and Settings\Lazer Graphics\Desktop\ComboFix.exe
[2012/05/06 17:31:23 | 092,549,811 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Backup 5-5-2012.zip
[2012/05/06 16:41:36 | 010,402,561 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\BLACKHAWK TRUCK.zip
[2012/05/05 21:33:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\Revo Uninstaller.lnk
[2012/05/05 16:23:50 | 085,983,232 | -HS- | M] () -- C:\NBRTPage.sys
[2012/05/05 09:01:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/01 18:59:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 18:45:43 | 000,000,302 | ---- | M] () -- C:\Boot.bak
[2012/05/01 17:24:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2012/05/01 11:51:07 | 000,140,488 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\benson.cst
[2012/04/26 16:14:31 | 000,038,204 | ---- | M] () -- C:\a1ba.reg
[2012/04/26 16:14:31 | 000,014,752 | ---- | M] () -- C:\a2ba.reg
[2012/04/25 18:23:03 | 000,091,915 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\hOWE TRAILERS 1.cst
[2012/04/20 17:56:17 | 000,429,207 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\blake vangsness.cst
[2012/04/18 10:02:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/13 19:54:20 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\resetdma.vbs
[2012/05/13 19:53:24 | 000,302,592 | ---- | C] () -- C:\efbl1m1j.exe
[2012/05/13 06:46:01 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SiSoftware Sandra Lite XI.SP1a.lnk
[2012/05/13 06:41:40 | 013,469,937 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\san1122a.zip
[2012/05/12 13:23:14 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\MBR.zip
[2012/05/12 13:06:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\MBR.dat
[2012/05/12 07:11:52 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\C__Documents and Settings_LocalService.NT AUTHORITY_Local Settings_Temporary Internet Files_Content.IE5_MRAV9ZNC_CA41IFVP.HTM
[2012/05/11 19:52:30 | 000,000,302 | ---- | C] () -- C:\Boot.bak
[2012/05/11 19:52:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/11 19:28:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/11 19:28:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/11 19:28:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/11 19:28:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/11 19:28:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/06 16:41:27 | 010,402,561 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\BLACKHAWK TRUCK.zip
[2012/05/06 16:40:43 | 092,549,811 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Backup 5-5-2012.zip
[2012/05/05 21:33:59 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\Revo Uninstaller.lnk
[2012/05/05 15:13:33 | 085,983,232 | -HS- | C] () -- C:\NBRTPage.sys
[2012/05/05 09:27:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/05 09:01:04 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/01 18:59:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 16:14:30 | 000,038,204 | ---- | C] () -- C:\a1ba.reg
[2012/04/26 16:14:30 | 000,014,752 | ---- | C] () -- C:\a2ba.reg
[2012/03/30 12:39:38 | 000,130,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/14 18:46:44 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/27 14:21:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 17:00:48 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys

< End of report >


ComboFix log

ComboFix 12-05-11.03 - Lazer Graphics 05/14/2012 4:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.153 [GMT -5:00]
Running from: c:\documents and settings\Lazer Graphics\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\86bd12
c:\documents and settings\All Users.WINDOWS\Application Data\86bd12\21.mof
c:\documents and settings\All Users.WINDOWS\Application Data\86bd12\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users.WINDOWS\Application Data\86bd12\BackUp\HP Image Zone Fast Start.lnk
c:\documents and settings\All Users.WINDOWS\Application Data\86bd12\HSE.ico
c:\documents and settings\All Users.WINDOWS\Application Data\xml3.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\xml4.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\xml5.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\xml7.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\xml8.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\xml9.tmp
c:\documents and settings\Lazer Graphics\Application Data\Home Safety Essentials
c:\documents and settings\Lazer Graphics\Application Data\Home Safety Essentials\Instructions.ini
c:\documents and settings\Owner\WINDOWS
c:\program files\DailyBibleGuideEI
c:\program files\wincmapp
c:\program files\wincmapp\Uninstall.exe
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
c:\windows\EventSystem.log
c:\windows\help\wmplayer.bak
c:\windows\system32\_005788_.tmp.dll
c:\windows\system32\_005789_.tmp.dll
c:\windows\system32\_005790_.tmp.dll
c:\windows\system32\_005791_.tmp.dll
c:\windows\system32\C__Documents and Settings_LocalService.NT AUTHORITY_Local Settings_Temporary Internet Files_Content.IE5_MRAV9ZNC_CA41IFVP.HTM
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 00:53 . 2012-05-14 00:53 302592 ----a-w- C:\efbl1m1j.exe
2012-05-13 11:45 . 2012-05-13 11:45 -------- d-----w- c:\program files\SiSoftware
2012-05-13 02:00 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92DE101F-7A98-47D2-B3D8-6BA8352241C1}\mpengine.dll
2012-05-13 01:45 . 2012-05-13 01:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-12 18:32 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-12 12:11 . 2012-05-12 12:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-10 12:05 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-05-10 12:05 . 2012-05-10 12:05 -------- d-----w- C:\_OTL
2012-05-09 21:31 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-05-06 02:33 . 2012-05-06 02:33 -------- d-----w- c:\program files\VS Revo Group
2012-05-06 02:31 . 2012-05-06 02:31 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-05-05 20:13 . 2012-05-05 20:13 -------- d-----w- C:\NBRT
2012-05-05 14:00 . 2012-05-05 14:00 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2012-05-01 23:59 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 23:50 . 2012-05-01 23:51 -------- d-----w- c:\documents and settings\Administrator.JOHN-RJB6SXQFOI
2012-05-01 17:03 . 2012-05-01 17:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-04-26 22:55 . 2012-04-26 22:55 -------- d-----w- C:\Recycl
2012-04-26 21:14 . 2012-04-26 21:14 38204 ----a-w- C:\a1ba.reg
2012-04-26 21:14 . 2012-04-26 21:14 14752 ----a-w- C:\a2ba.reg
2012-04-25 02:51 . 2012-04-25 02:51 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-23 23:28 . 2012-04-23 23:28 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2003-04-24 13:57 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2003-06-04 15:22 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2003-04-24 13:57 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 01:44 . 2011-04-18 18:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2005-06-18 06:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-02-15 17:01 . 2011-09-14 15:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01 . 2011-09-14 15:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-03-03 09:33 . 2007-08-11 20:47 118784 -c--a-w- c:\program files\CutStudioPlugin.aip
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f409caa5-db4f-48aa-a238-ca307c481237}]
2011-06-24 15:13 81920 ----a-w- c:\program files\usjobsearchtoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f409caa5-db4f-48aa-a238-ca307c481237}"= "c:\program files\usjobsearchtoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{f409caa5-db4f-48aa-a238-ca307c481237}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-11-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-11-08 114688]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\Win32\\RpcDataSrv.exe"=
.
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S3 cdc_ecm;LGE WirelessSA USB NDIS REVD Device Driver;c:\windows\system32\DRIVERS\cdc_ecm.sys --> c:\windows\system32\DRIVERS\cdc_ecm.sys [?]
S3 cpuz135;cpuz135;\??\c:\docume~1\LAZERG~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\LAZERG~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 lgcpo;LGE Configuration Policy Owner Service Install;c:\windows\system32\DRIVERS\lgcpo.sys --> c:\windows\system32\DRIVERS\lgcpo.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/12/2012 8:45 PM 40776]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Lazer Graphics\My Documents\PC Tools\SysinternalsSuite\PORTMSYS.SYS --> c:\documents and settings\Lazer Graphics\My Documents\PC Tools\SysinternalsSuite\PORTMSYS.SYS [?]
S3 UsbSADDiag;LGE WirelessSA USB Serial01 REVD Device;c:\windows\system32\DRIVERS\lgusbddiag.sys --> c:\windows\system32\DRIVERS\lgusbddiag.sys [?]
S3 USBSADModem;LGE WirelessSA USB REVD Modem;c:\windows\system32\DRIVERS\lgusbdmodem.sys --> c:\windows\system32\DRIVERS\lgusbdmodem.sys [?]
S3 UsbSADObex;LGE WirelessSA USB Serial02 REVD Device;c:\windows\system32\DRIVERS\lgusbdobex.sys --> c:\windows\system32\DRIVERS\lgusbdobex.sys [?]
S3 USBSANDIS;LGE WirelessSA USB NDIS Device Enumerator REVD Service;c:\windows\system32\DRIVERS\dc_enum.sys --> c:\windows\system32\DRIVERS\dc_enum.sys [?]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [4/30/2002 7:46 AM 627072]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-05-14 c:\windows\Tasks\User_Feed_Synchronization-{35E7ABF2-0DA8-4115-A68A-32400ED5601E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-SpySpotter System Defender - c:\program files\SpySpotter3\Defender.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-Roland GX-500 - c:\docume~1\1JOHNS~1\LOCALS~1\Temp\RolandRDGX500.INF\SETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 05:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-14 05:09:08
ComboFix-quarantined-files.txt 2012-05-14 10:09
.
Pre-Run: 96,032,718,848 bytes free
Post-Run: 95,789,416,448 bytes free
.
- - End Of File - - F9F323C4E0A4F1E5386EAD5FD4BC2197

#19
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Everything is looking good. Any changes on PC speed?

The system is using the paging file on your HDD to compensate for low RAM. That is why you see a lot of HDD usage. I think that only a RAM upgrade will speed up your PC.

If you don't have any problems, I'll prepare some cleanup steps for you and finish this up.

#20
Reddoug

    Member

  • Topic Starter
  • Member
  • 291 posts
Hi

Seems to run okay. The one question I still have is that when the computer shuts down I get a message that a program is still running. Same message when I press Ctrl+Alt+Delete to end a stuck program. Other than that it runs okay. I do not understand why, when I ran memtest86, it showed the memory okay with four sticks of memory, and then I shut it down and the next time I restarted it would not boot until I removed three sticks of memory. The one stick is in channel A DIMM 0. What do you use to sort through the logs that I have posted to tell what is wrong? I tried looking through one of the first ones and I could not see which one is bad.

Thanks again for your help, Doug

#21
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

I do not understand why, when I ran memtest86, it showed the memory okay with four sticks of memory, and then I shut it down and the next time I restarted it would not boot until I removed three sticks of memory.


This one is strange. Memtest should show you that something is wrong with your memory. I use it too and it hasn't failed so far. I don't know what it could be on your system.

What do you use to sort through the logs that I have posted to tell what is wrong? I tried looking through one of the first ones and I could not see which one is bad.


We don't use any automated tools whatsoever. That could lead us down the wrong trail. I use my experience and searching skills :). I do this every day so I could say I have a lot of practice too.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC by removing the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
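The question in this post asks how one sorts through the logs; the helper does it by experience. As an added illustration written for this page (not the helper's method and not a tool from the thread), the Python below parses the OTL "Files Created/Modified" entry format used in the log earlier in the thread and attaches review reasons. The sample lines are copied from that log; the heuristics, function names and extension list are this example's own assumptions, and a flag means "a human should look", not "malicious".

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# One OTL file entry (copied from the log above) looks like:
# [2012/05/13 19:53:24 | 000,302,592 | ---- | C] () -- C:\efbl1m1j.exe
#  timestamp             size        attrs  C/M (company) path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")  # assumed "code" extensions

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str       # R(eadonly) H(idden) S(ystem) D(irectory); "-" when unset
    kind: str        # "C" = created, "M" = modified
    company: str     # empty when OTL prints "()"
    path: str
    reasons: list = field(default_factory=list)  # why a human should look

def parse_otl_line(line):
    """Parse one entry; None for non-entry lines (section headers and the
    '[6 ... *.tmp files -> ...]' summaries), which the caller skips."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attr"), kind=m.group("kind"),
        company=m.group("company").strip(), path=m.group("path").strip(),
    )

def triage(entry):
    """Attach review reasons (assumed heuristics). A reason means 'worth a
    look', not 'malicious': legitimate tools trip them too."""
    low = entry.path.lower()
    parent = low.rsplit("\\", 1)[0] if "\\" in low else ""
    is_exec = low.endswith(EXEC_EXT) and "D" not in entry.attrs
    if is_exec and not entry.company:
        entry.reasons.append("executable with no company name")
    if is_exec and re.fullmatch(r"[a-z]:", parent):
        entry.reasons.append("executable directly in drive root")
    if is_exec and ("H" in entry.attrs or "S" in entry.attrs):
        entry.reasons.append("executable with hidden/system attributes")
    if is_exec and "\\temp\\" in low:
        entry.reasons.append("executable under a Temp directory")
    return entry

def triage_log(text):
    """Parse and triage every entry in an OTL log excerpt."""
    entries = (parse_otl_line(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]

# Constructed excerpt: five entries copied from the OTL log above plus one
# summary line that must be skipped.
SAMPLE_LOG = r"""
[2012/05/13 19:53:24 | 000,302,592 | ---- | C] () -- C:\efbl1m1j.exe
[2012/05/13 19:51:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/01 18:59:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/14 18:46:44 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/05/05 15:13:33 | 085,983,232 | -HS- | C] () -- C:\NBRTPage.sys
[6 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> ... -> ]
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.path}: {', '.join(e.reasons) or 'no flags'}")
```

The flagged entries still need the manual checks the helper describes (researching the file name, vendor and location); the script only shortens the list to read.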

#22
Reddoug

    Member

  • Topic Starter
  • Member
  • 291 posts
Thanks for all of your help cleaning out this computer. I gave it back to my friend and he brought me an old P3 with 320 MB of RAM running XP SP2. Talk about slow. Let the fun begin. Told him there's not a lot of hope for it, but I like a challenge.

Thanks again, Doug

#23
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.