Would like to do a full preventative malware/trojan check

[Starbuck]

I will get on that later this evening.

Ok, thanks.

[shawnh]

Hi Starbuck, okay I got the OTL run done. Attached is the logfile. It actually did the CHKDSK (or is that "Scandisk") automatically as it rebooted. It took almost all night, I just let it go.

 

Will carry on with the other steps tonight!

 

All processes killed

========== OTL ==========

Service r_server stopped successfully!

Service r_server deleted successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71AAABE5-1F0F-11D7-BD6F-004854603DCE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71AAABE5-1F0F-11D7-BD6F-004854603DCE}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dada70-46d4-11e0-b00a-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dada70-46d4-11e0-b00a-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84dada70-46d4-11e0-b00a-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dada70-46d4-11e0-b00a-00038a000015}\ not found.

File E:\WIN\setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932095b1-1f1b-11de-9eaa-00038a000015}\ not found.

File C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AppLaunch.exe AUTORUN=1 not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e2caf0-59c7-11de-af91-00179a446a75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7e2caf0-59c7-11de-af91-00179a446a75}\ not found.

File E:\CDGO.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

File E:\WIN\setup.exe not found.

ADS C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:0B174FAE deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Moe\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Moe\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temporary Internet Files folder emptied: 0 bytes

 

User: Administrator.N-66I8K7FUN69C1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Administrator.N-66I8K7FUN69C1.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Administrator.YOUR-QQH4336AXF

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: All Users.WINXP

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User.WINXP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService.NT AUTHORITY.001

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LogMeInRemoteUser.N-66I8K7FUN69C1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Moe

->Temp folder emptied: 8719691 bytes

->Temporary Internet Files folder emptied: 24217472 bytes

->Java cache emptied: 724496 bytes

->FireFox cache emptied: 107534422 bytes

->Flash cache emptied: 30469 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.NT AUTHORITY.001

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Owner

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Owner.N-66I8K7FUN69C1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Owner.YOUR-QQH4336AXF

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Shawn

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17816 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63515174 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 90011720 bytes

 

Total Files Cleaned = 281.00 mb

 

C:\WINXP\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: Administrator

 

User: Administrator.N-66I8K7FUN69C1

 

User: Administrator.N-66I8K7FUN69C1.000

 

User: Administrator.YOUR-QQH4336AXF

 

User: All Users

 

User: All Users.WINXP

 

User: Default User

 

User: Default User.WINXP

 

User: LocalService

 

User: LocalService.NT AUTHORITY

 

User: LocalService.NT AUTHORITY.000

 

User: LocalService.NT AUTHORITY.001

 

User: LogMeInRemoteUser

 

User: LogMeInRemoteUser.N-66I8K7FUN69C1

 

User: Moe

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

User: NetworkService.NT AUTHORITY

 

User: NetworkService.NT AUTHORITY.000

 

User: NetworkService.NT AUTHORITY.001

 

User: Owner

 

User: Owner.N-66I8K7FUN69C1

 

User: Owner.YOUR-QQH4336AXF

 

User: Shawn

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 04072011_001356

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Moe\Local Settings\Temp\~DF8F93.tmp moved successfully.

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\X1LS8OCD\2WGZBCAYZT5WTCAMO03ULCA087JKJCAIS41MPCA5AV95ZCA8B9O5CCAZ6AB90CAPJ3DRPCAO9K2AACABROJUECA0J4NNYCA1XBVANCAYA3GXKCAU57YD1CA9QVN0NCA3ANAMZCAEPO8S0CAVVCF7MCAOV6K9KCA2A3JERCAPGQ8C0.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\X1LS8OCD\c=1952731;met=1;v=1;pid=34117041;aid=212751859;ko=0;cid=31132510;rid=31150386;rv=2;&timestamp=1242337712404;eid1=2;ecn1=1;etm1=13;eid2=3;ecn2=1;etm2=1;eid3=4;ecn3=1;etm3=0;[1].gif not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\8QHFJCA3B8F0WCA4M8B2WCASYUKX1CAJM0DSYCA8P6IAQCA08N9CQCA2M7M2XCA3QOWB8CAFYSF2GCA1V0U51CABVZ4LTCAC3SZN4CAQ46ZBSCAN6P94LCA9AWDR3CAHHWE5TCA3LA9THCALW8KU8CA7N35GFCAJUUSGFCAY6M432.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\E0E13CAZPTEO2CAG1NY6LCAW8RTY4CAZ5MR2ECAMOAOB9CA2NS1LJCAGYEKG5CAM0Y2FOCARJG82BCAR390MXCA50RZOQCAOZ79Q7CAY2UCY3CANW8296CAQGMK9NCA2JS4EPCADFFM9OCA3RZ59WCAAOG81WCAOZS6Z5CAMJQ9N6.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\R85PUCAKZ9FOJCA6WUNM8CA5AQ4CHCA257QB0CAS8RZOZCAPR1XDFCA64RUL8CAN77W7ECAQQ29LHCA19MEPICALN2YK3CAMGQ8XQCAHRSBO8CAI1I1C1CAZIWBXKCAQH9MR8CAIK0I54CAS8YZXGCA85MXDUCAUPZ9DBCANV9MC5.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\RHKN1CAN5SDUVCA18IBTTCA3O50TXCAZ5VL53CA1T582NCA0NRUL6CAI23UKHCAKW2TLZCAWQ1HYQCAYHO8LVCAPUFOK4CAJ7RJD7CAQ4WR32CAL1TT8XCA6FWSM6CA3FXU7RCAL7S7ABCAB0J55PCA4NXF25CAF6I3IZCAMXZMDO.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\UWHGGVJ5\VXRGMCA9QYCTYCAKMB01BCAA43G4LCA2BKNETCAUN0KMKCA8SEOTECA5SEI1ICAU5B4XLCAB1XFT1CAGPSX19CA49R7OQCA076L98CAUGB08PCAMEKNHCCAMP1MWVCAXZGMM8CAQAYU8CCAPX2N6MCACPHKLBCA22XF7FCAMJ3XMD.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\NI6EIOAK\0A3KJCAMPJLL3CAQ7PL3VCACCTPQJCAD2MQVXCANST1AMCAIBNPN9CA1AXJF6CADB8LJ8CA0VZJ0MCADUSUTICAH3S5FJCA1I2VBLCAA93T1PCATI7IRJCA1DDGP6CAPOD8VSCANLJM9KCA7Z9C6KCAV0GIRCCAGHN4YDCAZSS3AE.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\NI6EIOAK\4PPVECAY63CU8CA2VGN4KCARUPD2ACAR47482CAI7N0SVCAPKF1TKCAC212L7CA4FW9M7CAIB3KECCAUQ5GWECAO9QAAKCAD153FVCA28GJ7KCA57BI7JCAFZ1B4LCAIEHMXFCAU3W6JPCAQNJ61FCA8WQUVCCASP7TK5CAVIAQVE.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\NI6EIOAK\LM8IICA61NCV9CA3388Z7CA1M76S8CADURM6VCA8NBXYOCAO8HYMKCAUBUT0JCAJBGQ76CA0T8I0OCAJV6S27CA928OV2CAV9UQB6CA1KBYLYCAEJ111PCA2HP7BZCA634UJ3CA9YHCEGCA177DQPCAYNRQG8CACGRSTPCA8WF8US.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\HGVO1XVR\59T90CA9TY27KCAS7AV6XCAZJ05A2CAVHDFN2CAEJGDG9CA2EEI77CA2MW2W5CAFIKVLLCAAIVW2ACA2Z8R9BCARHNCVICANLLP6ECA4QJNQPCAT61SW2CAPWZEQBCA84YDF0CAK1967CCAQM3HBBCAVUHPXWCA2TOL3QCAHD4NGN.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\HGVO1XVR\BIL54CABVXWG3CAP6HGSWCARUJ7IACA3G5HNQCA8KOB1LCA26CUQTCAVW5ZBSCA4EIUXECADEKB27CAH255Q4CA24T6O3CA4CI4DACATSSKYOCAD3J276CAJ112I1CAZP9ZMBCABQHMPLCA3HLZ20CAI9FKBPCA2BR2WBCABXR1IL.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\HGVO1XVR\T2BVCCAK1I1R1CAG3ZWWBCA6QX6TPCAE3T0SHCAZSBECXCAC0Y1BECAIDLRFACAQ6877KCAVMS7T3CAZDAL7LCAU4L41GCAA4D2JQCA2GKTT6CAP8FT5VCA4FHFCTCAIBFWE7CAK1ZQTGCATHYEYHCAYBX8C6CAMQE0OUCAT15PV1.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\F2I7K3XL\ag,mod_controls_app,mod_scrollwheel,mod_zoom,mod_extended_dom,mod_keyboard,mod_traffic_app,mod_lyrsctrl,mod_lyrs,mod_quadtree,mod_transitlyr,mod_cb_launchpad,mod_adfetcher%7D[1].js not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\3YMQC9UX\9XKKFCA8BS96CCAXE268XCAHZA4H1CA075HGHCA1681AKCAITHQE6CAILQQVFCA33DU5FCA60WEDSCAXZA443CAP5UY37CA9TOVF9CA05WVUOCA7V62PPCA16M1SZCAK16GI3CA93PR0HCAJOQNLVCAM7LVC1CA5SVJJUCAJYRGJD.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\0D5QCNZX\4M947CA22JD92CAHX3EUKCAZE5R42CAYB2KAKCARPQ9EXCAQ4MZLYCAT84ZLUCAQMVHVHCAB6K8ARCAENO0EZCAPJFUFQCABGQG19CAK71EHTCAC6SOEPCA5UYYQVCAY8PTZ0CAR0JPHCCAB3CL86CAB585VTCA0IEDY6CA37J4CT.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\0D5QCNZX\APWJRCA1F3JZQCA2FLEZ0CALYE2MWCA0WD822CAQW3F62CA3E21ESCA9LK5BQCA1NPLQ0CA3M0GJECAUL0JL9CAO2NYJ4CAQKEBC6CAJVU3R3CA2TB09TCA4IWT6VCAJGT5YJCAN7ZJW4CABYQM11CARUBQYWCA2DIW9TCAOXTPQH.htm not found!

File\Folder C:\Documents and Settings\Moe\Local Settings\Temporary Internet Files\Content.IE5\0D5QCNZX\Z8AQLCA7EFSMVCAE847M5CA06DJ9ECAAOJSNYCA06YT7KCA9Q2FCTCA1E5DS3CAFHTEJVCAATRSPBCA6JH0PGCAXFF42OCAU1SYHKCAAA1FBHCAAEAICMCAG0SJCQCAU6K5CDCAFNXMAPCABP6ZMZCA66RUTOCANIM7NYCAHHIKH1.htm not found!

C:\WINXP\temp\ZLT01d55.TMP moved successfully.

 

Registry entries deleted on Reboot...

 

 

Thank You![ATTACH]512.vB5-legacyid=1131[/ATTACH]

Shawn

04072011_001356.txt

[Starbuck]

I edited in the contents of the attachment as it's easier to read this way.

[shawnh]

not sure what you mean Starbuck. There was no attachment in your last post....

 

Shawn

[Starbuck]

There was no attachment in your last post....

I added the contents of your attachment to your post.

I then posted to explain that i had edited your previous post.

Sorry if i didn't make it clear.

[shawnh]

Sorry, you kinda lost me Starbuck... what should I be looking for? You put some comments in amongst the OTL log file? I scanned through it actually, but I couldn't really notice.

 

 

 

I added the contents of your attachment to your post.

I then posted to explain that i had edited your previous post.

Sorry if i didn't make it clear.

[Starbuck]

It's nothing to worry about.

I added the contents of the attachment so that i could read the contents easier.... that's all.

 

Run the updated MBAM scan and install the AV.

[shawnh]

OK no worries Starbuck, I'll get on the MBAM run tonight.

 

I'm leery of installing a real-time AV to this computer as it's kind of an old laptop which doesn't have a whole lot of horsepower. It's already slow enough as it is, I think a realtime AV would make it unbearable. Would running something like TrendMicro HouseCall once a week or so be alright instead?

 

Thanks

Shawn

[Starbuck]

Hi shawn,

 

it's kind of an old laptop which doesn't have a whole lot of horsepower.

This would bare out what you have said:

767.00 Mb Total Physical Memory

Drive C: | 27.95 Gb Total Space | 5.56 Gb Free Space | 19.89% Space Free | Partition Type: NTFS

A Ram memory boost would help a lot.

Also the amount you have installed would indicate that 2 Ram chips are installed, but are not a pair.

They should ideally be a matching size:

2 x 256mb

2 x 512mb

etc.

 

The amount you have would indicate:

1 x 256mb

1 x 512mb

The cheapest thing would be to remove the 256mb chip and replace it with a 512mb chip.

 

Also try and create a bit more space on the hard drive by removing any old programs or files etc.

I know it's hard as the hard drive is so small.... but any extra space will help.

 

Would running something like TrendMicro HouseCall once a week or so be alright instead?

I wouldn't recommend it.

I know from personal experience that just doing a google search for something innocent can throw up malware related problems.

Nothing is safe anymore on the internet, so a resident AV is huge help.

I find that 'Microsoft Security Essentials' helps when you don't have a lot of space or speed.

Also remove the Zone Alarm and then turn on the Windows Firewall.... this will help a bit.

After that, run this and see if things improve:

 

Download Puran Disc Defragmenter

Save it to your 'Desktop'.

Run the program.

From the main 'Puran Defrag' screen, click on the 'C' drive to highlight it.

Then click on 'Defrag'.

 

This program is faster than the built in Windows Defrag and is more efficient.

Try not to use the m/c while the defrag is running.

 

See if the system runs any faster afterwards.

[shawnh]

MBAM run was clean! Here's the log Starbuck:

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6321

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

 

4/10/2011 3:43:57 AM

mbam-log-2011-04-10 (03-43-57).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 482820

Time elapsed: 2 hour(s), 3 minute(s), 59 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

... I'll get started on the other stuff you recommended.

 

Thanks!

Shawn

[shawnh]

Sorry for the long delay Starbuck - got a thousand projects on the go at once!

 

Here's something you probably should know - a few years ago I had some virus trouble with this same computer and I found someone online to help me in a similar anti-virus forum. Ultimately, he suggested I just install a new copy of Windows XP again, but install it to a new directory. So now I have basically a "dual-boot" machine with the old Windows XP in the C:\Windows directory (which of course I never use), and the new copy of XP in C:\WinXP.

Of course, this old non-used copy of XP in C:\Windows is taking up a lot of hard drive space, but I'm kinda scared to just delete it for fear of it somehow mucking up my now-working (but slow) machine. Think it's okay for me to just wipe out that C:\Windows directory altogether? It would sure free up a pile of space.

 

Thanks!

Shawn

[Starbuck]

What is the size of that directory?

[shawnh]

Says:

 

Size: 2.43G

Size on Disk: 1.42G

 

.. so I guess it's just 1.42G eh? Thought it would be more, I'm kinda surprised.

[Starbuck]

Hi shawnh

 

The reason i asked about the size was that it may be best to copy the directory to a usb stick, just so we had a backup before removing it.

Do you have a usb stick that would be able to take that backup?

[shawnh]

I've got an external HD with lots of space that I do backups to regularly (back up my whole laptop to it)... that Windows directory is already saved on there. Think I should go ahead and delete 'er then?

[Starbuck]

If it's all backed up, yes.

If you encounter any problems, you'll have the backup to fall back on.

[shawnh]

ok, will delete it later tonight... fingers crossed!

[shawnh]

RandyL mentioned this (...although I don't see that post anywhere, odd):

 

"That might be a recovery partition. If so it would be best if you left it alone."

 

 

Maybe I shouldn't touch it, Starbuck??

 

Shawn

[Starbuck]

Hi shawnh,

 

"That might be a recovery partition. If so it would be best if you left it alone."

How was the Operating System reinstalled?

Was a separate disc used?

Normally a recovery partition is hidden, so shouldn't normally show.

[RandyL]

I posted that before I noticed that the directory was on drive C. I deleted it 30 seconds after I posted but obviously not fast enough. :D

[shawnh]

Starbuck, the fellow who helped me a few years back actually physically mailed me a recovery CD... and from that CD I installed a fresh copy of XP.

 

If there's a recovery partition on this computer, I haven't seen it. I've just got the C: hard drive and D: is the CD drive.

 

Thanks

Shawn

[Starbuck]

If you physically used a cd to install the OS, there won't be a recovery partition.

I've just got the C: hard drive and D: is the CD drive.

That sounds normal then.

[shawnh]

so green light to go ahead and delete that folder then? I'll get round to that tonight or this weekend.

 

 

Speaking of freeing up HD space, in my C: root folder, there's 2 huge huge files:

 

pagefile.sys - 1.2 gigs

hiberfil.sys - 800 megs

 

Can we do anything with them?

 

Thanks

Shawn

[Starbuck]

Hi shawn,

 

so green light to go ahead and delete that folder then?

Yes, it's all backed up so no worries.

 

Speaking of freeing up HD space, in my C: root folder, there's 2 huge huge files:

 

pagefile.sys - 1.2 gigs

hiberfil.sys - 800 megs

 

Can we do anything with them?

Ok, let me explain:

PAGEFILE.SYS

is normally set to about 1.5 times the amount of installed ram.

you have 767.00 Mb x 1.5 = 1150mb.... so 1.2GB is fairly normal.

 

HIBERFIL.SYS

is a file the system creates when the computer goes into hibernation mode. Windows uses the file when it is turned back on. If you don't need hibernation mode and want to delete the file you need to turn the hibernation option off before Windows will allow you to delete the file.

If you use Hibernation .... leave it alone.

[RandyL]

I would be extremely wary of deleting systems files. You might end up reinstalling Windows.