lharrison616

Computer Drastically Slower


My computer has slowed down drastically.

Sony Vaio Pentium 4 3 GHz with 1GB RAM

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:11:17 PM, on 3/23/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\LTMSG.exe

C:\PROGRA~1\AIM\AIMWDI~1.EXE

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Beacon GPS Tracking Unit\MonitorSupa.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\LD Harrison\Desktop\HijackThis.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [GPSTrackingUnit] C:\Program Files\Beacon GPS Tracking Unit\MonitorSupa.exe

O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files\Hanso Recorder\Hanso Recorder.lnk

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate1c8ff664d35f32c) (gupdate1c8ff664d35f32c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 15434 bytes


**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)

Hello there, lharrison616

 


 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

 

---------------------------------------------------------------------------------------------------

 

You seem to have an awful lot of startups in your PC, but we will first have an in-depth look before I can make any suggestions to you.

 

---------------------------------------------------------------------------------------------------


Hello there,

 

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

 


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror: This version will download a randomly named file (Recommended)
    • Zip Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror).
  • Double click the downloaded GMER file on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

===================================================

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

 

On your next reply please post:

  • OTL log
  • GMER log
  • Checkup log

Let me know if you have any problems performing the steps above or any questions.

 

Good Day!


OTL logfile created on: 3/24/2011 11:34:47 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\LD Harrison\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,015.00 Mb Total Physical Memory | 604.00 Mb Available Physical Memory | 60.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.30 Gb Total Space | 48.31 Gb Free Space | 26.80% Space Free | Partition Type: NTFS

Drive D: | 11.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 141.03 Gb Total Space | 33.19 Gb Free Space | 23.54% Space Free | Partition Type: NTFS

Drive G: | 8.00 Gb Total Space | 1.42 Gb Free Space | 17.74% Space Free | Partition Type: FAT32

 

Computer Name: LD | User Name: LD Harrison | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\LD Harrison\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Pechora\GotoCamera\GotoCam.exe ()

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent)

PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)

PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()

PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Beacon GPS Tracking Unit\MonitorSupa.exe (Digibak)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation)

PRC - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)

PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\LD Harrison\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (LxrSII1s) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)

SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)

SRV - (VAIO Entertainment Task Scheduler) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

SRV - (VAIO Entertainment Aggregation and Control Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)

DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)

DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (MUD) -- C:\WINDOWS\system32\drivers\MUD.sys (Magellan)

DRV - (CH341SER) -- C:\WINDOWS\system32\drivers\CH341SER.SYS (www.winchiphead.com)

DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (3c1807pd) -- C:\WINDOWS\system32\drivers\3c1807pd.sys (U.S. Robotics Corporation)

DRV - (KS-959) -- C:\WINDOWS\system32\drivers\KS-959.sys (Kingsun Corporation)

DRV - (LxrSII1d) -- C:\WINDOWS\system32\drivers\LxrSII1d.sys ()

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)

DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)

DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)

DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)

DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)

DRV - (Myscope) -- C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys (U.S. Robotics)

DRV - (Usrserft) -- C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys (U.S. Robotics)

DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)

DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\sqcaptur.sys (Service & Quality Technology.)

DRV - (DoradoPC) -- C:\WINDOWS\system32\drivers\drdvid40.sys (Conexant Systems Inc.)

DRV - (USRpdA) -- C:\WINDOWS\system32\drivers\USRpdA.sys (U.S. Robotics Corporation)

DRV - (w89c940) -- C:\WINDOWS\system32\drivers\w940nd.sys (Winbond Electronics Corporation)

DRV - (wandrv) -- C:\WINDOWS\system32\drivers\wandrv.sys (America Online, Inc.)

DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (NetZero, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1

FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1

FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82

FF - prefs.js..extensions.enabledItems: meetinglauncher@iconf.net:1.0

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}:1.0

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}: C:\Documents and Settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2} [2009/02/21 02:57:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\meetinglauncher@iconf.net: C:\Program Files\Meeting Center\Modules\Firefox [2009/11/04 18:21:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/05 19:09:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 23:27:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 23:27:15 | 000,000,000 | ---D | M]

 

[2010/10/20 17:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Extensions

[2010/10/20 17:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/03/24 23:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions

[2011/03/10 18:41:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010/09/13 18:49:30 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010/05/26 19:01:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/10 18:41:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2011/01/01 19:07:56 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/02/10 18:32:43 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

[2011/03/24 23:22:36 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2010/01/27 19:16:05 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

[2011/01/26 18:47:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2008/07/22 23:04:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)

[2011/01/01 19:07:58 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\searchplugins\conduit.xml

[2011/03/24 23:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/13 10:35:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/01/11 00:16:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/27 17:58:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2009/02/24 19:08:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/11/04 18:21:46 | 000,000,000 | ---D | M] (Genesys Meeting Center) -- C:\PROGRAM FILES\MEETING CENTER\MODULES\FIREFOX

[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/02/25 19:42:08 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

 

O1 HOSTS File: ([2006/06/06 21:10:53 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)

O4 - HKLM..\Run: [3c1807pd] File not found

O4 - HKLM..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [GPSTrackingUnit] C:\Program Files\Beacon GPS Tracking Unit\MonitorSupa.exe (Digibak)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [PATHPILOT] C:\Program Files\Hanso Recorder\Hanso Recorder.lnk ()

O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)

O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)

O4 - HKLM..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)

O4 - Startup: C:\Documents and Settings\LD Harrison\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)

O4 - Startup: C:\Documents and Settings\LD Harrison\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)

O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)

O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm ()

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found

O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found

O15 - HKCU\..Trusted Domains: compuserve.com ([]* is out of zone range - 5)

O15 - HKCU\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 6)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://www.mathxl.com/applets/PearsonInstallAsst.cab (PearsonAsstX Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} http://www.mathxl.com/applets/DeltaCVX.cab (DeltaCVX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\LD Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\LD Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/12/25 21:58:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/10/09 17:54:15 | 000,000,150 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - G:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{2c6deb20-62fd-11da-8509-00038a000011}\Shell\AutoRun\command - "" = setupSNK.exe

O33 - MountPoints2\{7070cdb2-22be-11dc-85a8-00038a000011}\Shell - "" = AutoRun

O33 - MountPoints2\{7070cdb2-22be-11dc-85a8-00038a000011}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{7070cdb2-22be-11dc-85a8-00038a000011}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{7c4eaf90-21d5-11db-8555-00038a000011}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe

O33 - MountPoints2\{acd40646-b96a-11df-ac3c-00a0c9aaee56}\Shell - "" = AutoRun

O33 - MountPoints2\{acd40646-b96a-11df-ac3c-00a0c9aaee56}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{acd40646-b96a-11df-ac3c-00a0c9aaee56}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: vidc.mjpg - C:\WINDOWS\System32\CnxtMJPG.dll (Conexant Systems Inc.)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: wave4 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: wave9 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/03/24 23:30:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LD Harrison\Desktop\OTL.exe

[2011/03/24 23:24:42 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\LD Harrison\Desktop\Firefox Setup 4.0.exe

[2011/03/24 03:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/03/23 20:19:46 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\LD Harrison\Desktop\ATF-Cleaner.exe

[2011/03/23 20:08:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\LD Harrison\Desktop\HijackThis.exe

[2011/03/10 22:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Hanso Recorder

[2011/03/10 22:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hanso Recorder

[2011/03/10 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hanso Recorder

[2011/03/10 20:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\Desktop\Quenshang Dat

[2011/03/10 19:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\PX

[2011/03/10 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\PuXing

[2011/03/10 18:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\Desktop\Puxing 777

[2011/03/08 22:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\Application Data\Weathersoft

[2011/03/08 22:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Weather

[2011/03/08 22:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WeatherScope

[2011/03/08 22:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Weathersoft

[2011/03/08 22:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Weathersoft

[2011/03/06 23:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\Application Data\Thunderbird

[2011/03/03 21:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\EchoLink

[2011/03/03 21:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Yaesumemoryfiles

[2011/03/03 21:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/03/03 21:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FTB7900

[2011/03/03 21:04:13 | 000,447,760 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\Vsflex7L.ocx

[2011/03/03 21:04:13 | 000,311,296 | ---- | C] (ComponenetOne) -- C:\WINDOWS\System32\c1sizer.ocx

[2011/03/03 21:04:13 | 000,143,360 | ---- | C] (ADONTEC Ltd.) -- C:\WINDOWS\System32\scom60.OCX

[2011/03/03 21:04:13 | 000,114,688 | ---- | C] (ADONTEC LTD) -- C:\WINDOWS\System32\supercom.dll

[2011/03/03 21:04:13 | 000,106,496 | ---- | C] (ADONTEC LTD) -- C:\WINDOWS\System32\Protocol.dll

[2011/03/03 21:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\FTB7900

[2011/02/27 17:58:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/02/27 17:58:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/02/27 17:58:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/02/27 17:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2011/02/27 14:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\GPS Files

[2011/02/27 14:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Computer Boot discs keys

[2011/02/27 14:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Reciepts

[2011/02/27 14:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\My Writing

[2011/02/27 14:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Virus Malware Removal

[2011/02/27 14:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Windows 7 Beta

[2011/02/27 14:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Phone Pocket PC

[2011/02/27 14:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Bill of sale etc

[2011/02/27 13:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Weather Software etc

[2011/02/27 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Self Help Etc

[2011/02/27 13:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Family Keepsakes

[2011/02/27 13:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\My Documents\Geneology Forms and blanks

[2011/02/26 10:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\NBEMS.files

[2011/02/26 10:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\fldigi.files

[2011/02/26 10:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LD Harrison\Start Menu\Programs\Fldigi

[2011/02/26 10:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Fldigi-3.21.3

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/03/24 23:30:57 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4597B97F-F354-46AB-8D3B-B7B882A3A2F5}.job

[2011/03/24 23:30:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LD Harrison\Desktop\OTL.exe

[2011/03/24 23:27:23 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/24 23:27:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/03/24 23:27:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/03/24 23:25:54 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\LD Harrison\Desktop\Firefox Setup 4.0.exe

[2011/03/24 22:12:29 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/03/24 19:07:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Local Settings\Application Data\prvlcl.dat

[2011/03/24 18:47:47 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Land_records_of_Newton_County_Mississipp.ris

[2011/03/24 18:47:41 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Land_records_of_Newton_County_Mississipp.enw

[2011/03/24 18:47:35 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Land_records_of_Newton_County_Mississipp.bibtex

[2011/03/24 18:20:30 | 003,932,739 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\CE000407.jpg

[2011/03/24 17:56:39 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Microsoft Office Word 2003.lnk

[2011/03/24 14:08:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011/03/24 06:26:29 | 109,681,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/03/24 06:23:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/03/24 01:27:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/03/23 20:19:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\LD Harrison\Desktop\ATF-Cleaner.exe

[2011/03/23 20:08:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\LD Harrison\Desktop\HijackThis.exe

[2011/03/23 20:04:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/03/23 20:03:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/03/23 20:03:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2011/03/23 20:03:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2011/03/22 08:40:41 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI

[2011/03/20 18:52:35 | 000,000,048 | ---- | M] () -- C:\WINDOWS\webica.ini

[2011/03/18 09:04:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/03/16 03:35:05 | 000,465,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/03/16 03:35:05 | 000,081,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/03/16 03:07:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/03/14 19:31:22 | 006,492,096 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\GotoCameraSetup60203.exe

[2011/03/12 20:26:27 | 000,014,163 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\7900latest.CSV

[2011/03/10 22:09:08 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk

[2011/03/10 22:09:08 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hanso Recorder.lnk

[2011/03/10 19:19:02 | 000,001,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PX6IN1.lnk

[2011/03/10 19:13:39 | 000,001,443 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PX-777 V5.0.lnk

[2011/03/08 23:12:34 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Application Data\WeatherScopePrefs.xml

[2011/03/08 23:12:31 | 000,002,600 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Mississippi2.wxscript

[2011/03/08 23:08:46 | 000,002,438 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Mississippi.wxscript

[2011/03/08 22:47:46 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\new_orleans.wxscript

[2011/03/05 19:05:51 | 002,898,668 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\94EF8C96d01.pdf

[2011/02/27 16:28:41 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/26 10:28:19 | 000,001,579 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Fldigi 3.21.3.lnk

[2011/02/26 10:28:19 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Desktop\Flarq 4.3.1.lnk

[2011/02/26 09:59:36 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\LD Harrison\g2mdlhlpx.exe

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/03/24 23:27:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/03/24 18:47:46 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Land_records_of_Newton_County_Mississipp.ris

[2011/03/24 18:47:41 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Land_records_of_Newton_County_Mississipp.enw

[2011/03/24 18:47:35 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Land_records_of_Newton_County_Mississipp.bibtex

[2011/03/24 18:20:26 | 003,932,739 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\CE000407.jpg

[2011/03/14 19:31:06 | 006,492,096 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\GotoCameraSetup60203.exe

[2011/03/12 20:26:27 | 000,014,163 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\7900latest.CSV

[2011/03/10 22:09:08 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk

[2011/03/10 22:09:08 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hanso Recorder.lnk

[2011/03/10 19:19:02 | 000,001,405 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PX6IN1.lnk

[2011/03/10 19:19:01 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PX6IN1.lnk

[2011/03/10 19:13:39 | 000,001,443 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PX-777 V5.0.lnk

[2011/03/08 23:12:31 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Mississippi2.wxscript

[2011/03/08 23:08:46 | 000,002,438 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Mississippi.wxscript

[2011/03/08 22:47:45 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\new_orleans.wxscript

[2011/03/08 22:42:34 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\WeatherScopePrefs.xml

[2011/03/05 19:16:24 | 002,898,668 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\94EF8C96d01.pdf

[2011/02/26 10:28:19 | 000,001,579 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Fldigi 3.21.3.lnk

[2011/02/26 10:28:19 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Desktop\Flarq 4.3.1.lnk

[2011/02/26 09:59:35 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\LD Harrison\g2mdlhlpx.exe

[2011/02/13 10:36:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/28 14:15:13 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\setup_ldm.iss

[2010/04/05 20:39:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Local Settings\Application Data\prvlcl.dat

[2009/01/25 21:49:33 | 000,001,040 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI

[2009/01/13 19:56:53 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll

[2008/11/03 19:02:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc

[2008/09/06 02:02:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\pident.ini

[2008/09/06 01:58:37 | 000,000,581 | ---- | C] () -- C:\WINDOWS\pirchutl.ini

[2008/01/18 20:01:48 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/17 21:00:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2007/09/28 22:45:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\removeark.exe

[2007/09/28 22:45:47 | 000,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys

[2007/09/12 20:14:50 | 000,023,974 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\Microsoft Access.ADR

[2007/09/12 19:59:29 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2007/09/06 19:46:10 | 000,000,471 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2007/03/28 20:36:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\$_hpcst$.hpc

[2007/03/04 17:50:56 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll

[2007/03/01 19:08:16 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys

[2007/03/01 19:08:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LxrUnplug.exe

[2007/01/07 17:53:09 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys

[2007/01/07 17:53:09 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys

[2006/12/10 01:37:21 | 000,037,961 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat

[2006/09/10 08:45:30 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2006/08/27 13:44:41 | 000,000,290 | ---- | C] () -- C:\WINDOWS\SCRABOUT.INI

[2006/08/11 23:36:24 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\js32.dll

[2006/08/11 23:35:00 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\d2jsp.dll

[2006/06/25 20:43:05 | 000,000,143 | ---- | C] () -- C:\WINDOWS\ytlat22b.dat

[2006/06/25 18:42:56 | 000,000,886 | ---- | C] () -- C:\WINDOWS\EntPack.dat

[2006/06/25 18:42:56 | 000,000,175 | ---- | C] () -- C:\WINDOWS\EntPack.ini

[2006/06/14 19:01:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini

[2006/06/14 19:01:06 | 000,129,024 | ---- | C] () -- C:\Program Files\UNWISE.EXE

[2006/05/22 17:51:10 | 000,000,048 | ---- | C] () -- C:\WINDOWS\webica.ini

[2006/05/22 14:40:48 | 000,000,131 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini

[2006/04/28 18:38:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\MARPLOT.INI

[2006/04/28 18:36:49 | 000,048,640 | ---- | C] () -- C:\WINDOWS\NOAA_32.DLL

[2006/04/18 21:35:36 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/04/11 17:30:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll

[2006/02/23 23:06:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/02/11 10:19:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI

[2006/01/23 01:41:13 | 000,002,298 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\wklnhst.dat

[2005/12/28 21:45:01 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Application Data\ViewerApp.dat

[2005/12/26 23:02:10 | 000,145,408 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/12/25 21:55:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2005/12/02 01:46:37 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2005/11/09 01:19:18 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\LD Harrison\Local Settings\Application Data\fusioncache.dat

[2005/11/09 01:03:14 | 000,104,253 | ---- | C] () -- C:\WINDOWS\hpoins04.dat

[2005/11/09 01:03:14 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat

[2005/10/14 02:02:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/10/14 00:23:36 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2005/10/14 00:19:50 | 000,000,178 | ---- | C] () -- C:\WINDOWS\Quicken.ini

[2005/10/14 00:19:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/10/14 00:19:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/10/14 00:19:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/10/14 00:19:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/10/14 00:19:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/10/14 00:19:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/10/14 00:17:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/10/14 00:10:43 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

[2005/03/02 22:39:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/03/02 22:22:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat

[2005/03/02 22:22:54 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2005/03/02 21:47:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI

[2005/03/02 21:46:33 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe

[2005/03/02 20:55:52 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat

[2005/03/02 20:00:52 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/03/02 19:58:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/03/02 19:55:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/03/02 18:45:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2005/03/02 18:45:11 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/03/02 18:44:55 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll

[2005/03/02 18:44:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/03/02 18:44:54 | 000,465,336 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/03/02 18:44:54 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

 

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

     

    Regarding AVG - Due to recent changes in AVG and how it interacts with ComboFix, before running ComboFix, AVG must be uninstalled via Start>Control Panel>Add or Remove programs panel.

     

    If you have difficulty uninstalling AVG, download Opswat AppRemover for AVG. The download for the AVG uninstaller can be found here > http://www.appremover.com/appremover/avg/AppRemover.exe

     

    **********************************************

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


ComboFix 11-03-24.06 - LD Harrison 03/25/2011 17:49:47.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.557 [GMT -5:00]

Running from: c:\documents and settings\LD Harrison\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LD Harrison\g2mdlhlpx.exe

c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}

c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome.manifest

c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\_cfg.js

c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\c.js

c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\overlay.xul

c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\install.rdf

c:\netzeroinstaller\NetZeroInstaller.exe

c:\windows\system32\midas.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

G:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))

.

.

2011-03-25 04:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-03-25 04:27 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-03-25 04:27 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-03-25 04:27 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-03-25 04:27 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-03-25 04:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-03-25 04:27 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-03-25 04:27 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-03-11 03:08 . 2011-03-11 03:09 -------- d-----w- c:\program files\Hanso Recorder

2011-03-11 00:19 . 2011-03-11 00:19 -------- d-----w- c:\program files\PX

2011-03-11 00:13 . 2011-03-11 00:13 -------- d-----w- c:\program files\PuXing

2011-03-09 03:42 . 2011-03-09 03:42 -------- d-----w- c:\documents and settings\LD Harrison\Application Data\Weathersoft

2011-03-09 03:40 . 2011-03-09 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Weathersoft

2011-03-09 03:40 . 2011-03-09 03:40 -------- d-----w- c:\program files\Weathersoft

2011-03-07 04:20 . 2011-03-07 04:20 -------- d-----w- c:\documents and settings\LD Harrison\Application Data\Thunderbird

2011-03-04 02:04 . 2011-03-19 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-03-04 02:04 . 2011-03-04 02:04 -------- d-----w- c:\program files\FTB7900

2011-03-04 02:04 . 2009-02-06 16:41 143360 ----a-w- c:\windows\system32\scom60.OCX

2011-03-04 02:04 . 2009-02-06 16:40 106496 ----a-w- c:\windows\system32\Protocol.dll

2011-03-04 02:04 . 2009-02-06 16:40 114688 ----a-w- c:\windows\system32\supercom.dll

2011-03-04 02:04 . 2004-04-29 20:23 311296 ----a-w- c:\windows\system32\c1sizer.ocx

2011-03-04 02:04 . 2002-12-02 15:03 447760 ----a-w- c:\windows\system32\Vsflex7L.ocx

2011-02-27 22:57 . 2011-02-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-02-26 15:28 . 2011-03-12 23:30 -------- d-----w- c:\documents and settings\LD Harrison\fldigi.files

2011-02-26 15:28 . 2011-02-26 15:28 -------- d-----w- c:\documents and settings\LD Harrison\NBEMS.files

2011-02-26 15:28 . 2011-02-26 15:28 -------- d-----w- c:\program files\Fldigi-3.21.3

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2005-03-02 23:44 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2005-03-02 23:44 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-03 03:40 . 2011-01-11 05:16 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 01:19 . 2008-07-16 19:59 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2005-03-03 00:54 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2005-03-03 00:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2005-03-02 23:44 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2005-03-02 23:44 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2005-03-02 23:44 1854976 ----a-w- c:\windows\system32\win32k.sys

1998-04-30 20:56 . 2006-06-15 00:01 129024 ----a-w- c:\program files\UNWISE.EXE

2011-03-18 17:53 . 2011-03-25 04:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-02 1953792]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]

"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]

"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 2748928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]

"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-22 184320]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"GPSTrackingUnit"="c:\program files\Beacon GPS Tracking Unit\MonitorSupa.exe" [2007-12-11 36864]

"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"PATHPILOT"="c:\program files\Hanso Recorder\Hanso Recorder.lnk" [2011-03-11 682]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\documents and settings\LD Harrison\Start Menu\Programs\Startup\

HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2002-8-9 299008]

Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-25 113664]

Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-12-25 270336]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-25 106496]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\LD Harrison\\Desktop\\emulators\\nes\\nesticleo42\\NESTCL95.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\LD Harrison\\My Documents\\emulators\\nes\\nesticleo42\\NESTCL95.EXE"=

"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"22576:TCP"= 22576:TCP:BitComet 22576 TCP

"22576:UDP"= 22576:UDP:BitComet 22576 UDP

.

R1 Myscope;Myscope;c:\program files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys [4/20/2008 3:39 PM 82920]

R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [3/1/2007 7:08 PM 70016]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/7/2010 5:21 PM 91392]

R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11/9/2010 10:40 PM 2011944]

S2 gupdate1c8ff664d35f32c;Google Update Service (gupdate1c8ff664d35f32c);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2008 1:06 AM 133104]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [9/28/2007 8:25 PM 37488]

S3 DoradoPC;Conexant VGA Camera;c:\windows\system32\drivers\drdvid40.sys [1/22/2007 12:05 AM 106816]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [11/16/2006 6:46 PM 19034]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/9/2010 12:49 AM 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/6/2009 9:27 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [1/9/2010 12:49 AM 23936]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2/5/2008 8:51 PM 51200]

S3 Usrserft;Myscope Upper Filter Driver;c:\program files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys [4/20/2008 3:39 PM 65592]

S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\drivers\w940nd.sys [7/6/2008 12:44 PM 16925]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-03-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-16 15:28]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-16 03:59]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-16 03:59]

.

2005-10-14 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12]

.

2005-10-14 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12]

.

2005-10-14 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12]

.

2011-03-25 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-10-14 22:26]

.

2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{4597B97F-F354-46AB-8D3B-B7B882A3A2F5}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

FF - ProfilePath - c:\documents and settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-DVD Decrypter - c:\program files\DVD Decrypter\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-25 18:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(824)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2432)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\wscntfy.exe

c:\program files\TeamViewer\Version5\TeamViewer.exe

c:\windows\LTMSG.exe

c:\progra~1\AIM\AIMWDI~1.EXE

c:\program files\Microsoft ActiveSync\wcescomm.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

c:\windows\system32\HPZipm12.exe

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

.

**************************************************************************

.

Completion time: 2011-03-25 18:15:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-25 23:15

.

Pre-Run: 52,061,257,728 bytes free

Post-Run: 62,421,663,744 bytes free

.

- - End Of File - - DBD651BCD6710B5AD68DA8F8E443D75F


How is it running so far?

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

*Note

It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • Look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Select Uninstall application on close check box and push Posted Image
===================================================

 

Re-run Malwarebytes' Anti-Malware

  • Double-click MalwareBytes' (Note to Vista users, please right-click and select Run as Administrator.)

    • Go to Update tab to update Malwarebytes' Anti-Malware
  • Then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

On your next reply please post :

ESET report

MBAM log

 

Let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=8d6e7df687c3ed4a96cd9de91974e696

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-03-26 11:28:22

# local_time=2011-03-26 06:28:22 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 14491442 14491442 0 0

# compatibility_mode=1024 16777215 100 0 12404410 12404410 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=450085

# found=8

# cleaned=8

# scan_time=35940

C:\Documents and Settings\LD Harrison\Application Data\Sun\Java\Deployment\cache\6.0\26\78482bda-7b30ab6b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\LD Harrison\My Documents\Software and instalation files\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\LD Harrison\My Documents\Software and instalation files\Drivers for usb to serial cable\CH341SER.EXE probably a variant of Win32/Agent.BQHRDXF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\268fb64-25807394 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

F:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\330b3de5-392ba355 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

F:\Program Files\Gamevance\gvun.exe Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

G:\I386\Apps\APP16726\src\SpyInstall_HPPre.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

G:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP704\A0119108.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

 

 

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6179

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

3/26/2011 11:22:02 PM

mbam-log-2011-03-26 (23-22-02).txt

 

Scan type: Quick scan

Objects scanned: 151915

Time elapsed: 11 minute(s), 12 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


If you're happy, I'm happy. So I think you're good to go.

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

 

===================================================

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

 

I'm pleased to let you know that your log is clean!

 

Thank you for your patience, and for performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

Please respond to this one more time to ensure it is resolved and close this topic.


Thank you very much. I appreciate the time you invested to help me out. Everything seems to be zipping right along and a lot better.

 

One more question. What free antivirus do you recommend?


You're welcome :)

 

There are several options that you can consider

Avira, Avast, AVG

 

http://www.avira.com/en/avira-free-antivirus

http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html

http://download.cnet.com/AVG-Anti-Virus-Free-Edition-2011/3000-2239_4-10320142.html?part=dl-10044820&subj=dl&tag=button&cdlPid=11014801

 

Either one of these is fine, you can't go wrong with them. Unless you're not happy with the way they function.

This topic is now closed to further replies.