Computer Infected Not Sure what it is

Post by MJ1 on Mon 20 Sep 2010, 12:21 pm

Hello,
I was on this site once in March and was helped with an older computer. I now have a Windows 7 64-bit computer, and what is on here seems very similar to what I had on my old computer. The symptoms are almost identical. Here is the past thread for reference. [You must be registered and logged in to see this link.]

I am coming here for help much sooner than with the last computer - so the symptoms are not yet as severe.
Symptoms:
1. Turns off antivirus - AVG will start a scan but then it turns it off - same with Malwarebytes, SUPERAntiSpyware and Spyware Doctor - won't let me run anything
2. It lights up only one program icon on my desktop and will only open that particular one - if I go into the right-click menu and then press Open, it will open
3. Firefox browser gets stuck at the bottom of the page and won't move - it just flashes when I try to move the cursor up

HERE IS MY OTL SCAN:
OTL logfile created on: 9/19/2010 6:52:53 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\LA\Desktop\Documents\ABC14
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.41 Gb Total Space | 208.82 Gb Free Space | 73.17% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 2.08 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LA-PC
Current User Name: LA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 18:46:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\LA\Desktop\Documents\ABC14\OTL.exe
PRC - [2010/09/09 20:52:05 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/09 20:43:38 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2010/09/09 20:43:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/20 11:25:53 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 11:04:40 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 11:04:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 11:04:11 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/25 21:44:37 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/08/17 12:13:44 | 001,486,848 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (SafeList) ==========

MOD - [2010/09/19 18:46:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\LA\Desktop\Documents\ABC14\OTL.exe
MOD - [2010/09/09 20:44:05 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/09 20:43:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
MOD - [2010/09/09 20:43:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2009/07/13 19:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 19:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/20 11:25:53 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 11:04:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/24 11:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/07/15 11:04:40 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 11:04:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/02 09:24:06 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/11/09 12:20:10 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/20 17:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 11:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 11:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 11:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 11:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 11:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/23 18:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 22:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/03 13:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/26 06:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/08/16 14:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2010/05/30 17:09:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/30 17:09:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/30 17:09:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1QQ?МI{WyI{I{HC>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.7.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.05
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.3.8
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31
FF - prefs.js..extensions.enabledItems: searchsite@DW-dev:1.8


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 14:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/19 09:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 09:25:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/19 09:25:38 | 000,000,000 | ---D | M]

[2010/07/20 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Extensions
[2010/07/20 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/19 09:49:47 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/19 09:25:47 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/07/25 16:06:25 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/08/26 14:00:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/06/23 15:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/05/07 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\firebug@software.joehewitt.com
[2010/09/11 09:15:13 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\rankchecker@seobook.com
[2010/03/08 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\robsbacklinkbuilder@robwhisonant.com
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\searchsite@DW-dev
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\seo4firefox@seobook.com
[2010/09/05 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\seotoolbar@seobook.com
[2010/06/19 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\yslow@yahoo-inc.com
[2010/08/07 07:32:32 | 000,002,887 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\domainsbotcom.xml
[2010/08/25 11:55:05 | 000,001,635 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\firefox-add-ons.xml
[2010/09/17 06:57:10 | 000,005,090 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\youtube.xml
[2010/09/19 09:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/07 13:38:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/21 13:04:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 21:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/09 08:40:11 | 000,000,931 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.2 licensing.intellimon.com
O1 - Hosts: 127.0.0.2 mailserver.intellimon.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} [You must be registered and logged in to see this link.] (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/10 05:19:41 | 000,000,000 | ---D | M] - C:\Auto Blogging Software WSO $47 -- [ NTFS ]
O33 - MountPoints2\{098f22de-2632-11df-b270-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{098f22de-2632-11df-b270-001e642cddd0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1d34a1de-fcf1-11de-b741-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{1d34a1de-fcf1-11de-b741-001e642cddd0}\Shell\AutoRun\command - "" = F:\laucher.exe -- File not found
O33 - MountPoints2\{5b27dd8d-3cc4-11df-8396-001f16eb01ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5b27dd8d-3cc4-11df-8396-001f16eb01ae}\Shell\AutoRun\command - "" = G:\MediaManager.exe -- File not found
O33 - MountPoints2\{7317175c-fb42-11de-aab9-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{7317175c-fb42-11de-aab9-001e642cddd0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e268d9b-f330-11de-b68a-001f16eb01ae}\Shell - "" = AutoRun
O33 - MountPoints2\{9e268d9b-f330-11de-b68a-001f16eb01ae}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/09/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Dad Problems
[2010/09/09 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/09 20:43:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/09 20:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/09 20:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/09 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/09 20:43:30 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Real
[2010/09/03 01:00:02 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\QuickPlay
[2010/08/30 08:43:56 | 000,000,000 | ---D | C] -- C:\Articles ReWritten
[2010/08/29 13:24:04 | 000,000,000 | ---D | C] -- C:\2f806cd18b85ca8ab1d747b5abafb770
[2010/08/29 13:16:51 | 000,000,000 | ---D | C] -- C:\2845b24da2fd5da100
[2010/08/29 13:15:15 | 000,000,000 | ---D | C] -- C:\ee13e07ee3ddeb0500eb075b990614
[2010/08/28 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\LA\Documents\My Domain Records
[2010/08/28 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softnik Technologies
[2010/08/27 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\LA\dwhelper
[2010/08/25 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\LA\Desktop\upressv5
[2010/08/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBP 11
[2010/08/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\IBP
[2010/08/23 00:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLS Media
[2010/08/09 08:41:08 | 000,000,000 | ---D | C] -- C:\Users\LA\Documents\Micro Niche Finder
[2010/08/09 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Micro Niche Finder
[2010/08/09 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Micro Niche Finder
[2010/08/09 08:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyPHP-5.3.3
[2010/08/07 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\skypePM
[2010/08/07 13:39:36 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Skype
[2010/08/07 13:37:57 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/07 13:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/07 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/08/07 13:34:25 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/07/20 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\MozSwing
[2010/07/20 21:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEO PowerSuite
[2010/07/17 15:30:37 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\ccsetup233.exe
[2010/07/15 11:04:39 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/04 12:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incansoft
[2010/07/04 12:46:30 | 000,000,000 | ---D | C] -- C:\IS0034
[2010/07/04 02:45:05 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/07/04 02:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/07/04 02:42:51 | 002,764,720 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\RegistrarLite.exe
[2010/07/03 23:07:18 | 000,000,000 | ---D | C] -- C:\ScrubTmp
[2010/07/03 22:40:29 | 000,000,000 | ---D | C] -- C:\343870be3367ffa420e42b30e4
[2010/07/03 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\IsolatedStorage
[2010/07/02 17:59:49 | 000,000,000 | ---D | C] -- C:\WordFlood Activ code
[2010/07/02 17:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordFlood 2.0
[2010/06/28 15:43:38 | 000,740,432 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\sg20o.ocx
[2010/06/28 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Niche Research Commando
[2010/06/28 15:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Version
[2010/06/28 13:28:11 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Affilorama
[2010/06/28 13:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traffic Travis v3
[2010/06/28 11:20:08 | 000,000,000 | ---D | C] -- C:\8f30480d3b7097bb0c5f7ef7b8467535
[2010/06/28 02:13:31 | 000,000,000 | ---D | C] -- C:\1cb88b731fdd5f4a1010254e4c
[2010/06/27 06:40:51 | 000,000,000 | ---D | C] -- C:\325f060c6272aac42ccb89
[2010/06/27 00:32:24 | 000,000,000 | ---D | C] -- C:\c6c673037c9abcea6af5a979f0bb2b
[2010/06/25 12:02:18 | 000,000,000 | ---D | C] -- C:\8bc0ebb71a6bd7f2c6b506f6
[2010/06/25 02:50:25 | 000,000,000 | ---D | C] -- C:\099c4b18e9624e2b4728
[2010/06/24 00:13:41 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\SubmissionTool
[2010/06/24 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\SocialSubmitter
[2010/06/23 16:38:58 | 000,000,000 | ---D | C] -- C:\Articles
[2010/06/23 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNV Infotech
[2010/06/23 15:20:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/06/23 14:35:50 | 000,000,000 | -HSD | C] -- C:\Users\LA\AppData\Roaming\.#
[2010/06/23 14:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/06/23 14:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Action Machine
[2010/06/23 14:35:20 | 000,000,000 | ---D | C] -- C:\theactionmachine2
[1 C:\Users\LA\*.tmp files -> C:\Users\LA\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 18:53:18 | 005,505,024 | -HS- | M] () -- C:\Users\LA\ntuser.dat
[2010/09/19 18:43:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 18:43:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 18:40:19 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 18:40:19 | 000,628,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 18:40:19 | 000,111,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/19 18:39:45 | 065,036,688 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/19 18:38:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/19 18:35:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 18:35:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/09/19 18:35:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 18:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 18:35:36 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 18:31:10 | 005,001,404 | -H-- | M] () -- C:\Users\LA\AppData\Local\IconCache.db
[2010/09/19 18:06:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/19 18:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14408874-1626793267-1475201148-1000UA.job
[2010/09/19 17:44:59 | 002,742,959 | ---- | M] () -- C:\Users\LA\.websiteauditor.properties
[2010/09/19 09:39:00 | 000,023,611 | ---- | M] () -- C:\Users\LA\Desktop\BUNCH of Downloads.odt
[2010/09/17 10:47:45 | 000,130,048 | ---- | M] () -- C:\Users\LA\Desktop\Zfindit2 .doc
[2010/09/17 07:59:24 | 001,993,420 | ---- | M] () -- C:\Launch Manager 1.00.1e.zip
[2010/09/17 07:51:24 | 000,038,691 | ---- | M] () -- C:\Users\LA\Desktop\KEYBOARD DRIVER DETAILS.JPG
[2010/09/16 11:09:35 | 000,043,028 | ---- | M] () -- C:\Users\LA\Documents\live chat.JPG
[2010/09/15 14:00:40 | 000,423,345 | ---- | M] () -- C:\Users\LA\Desktop\MEETINGList.pdf
[2010/09/14 22:49:43 | 000,083,748 | ---- | M] () -- C:\Users\LA\Documents\Site Flipping2.pdf
[2010/09/14 22:48:30 | 001,054,331 | ---- | M] () -- C:\Users\LA\Documents\Site Flipping Manual.pdf
[2010/09/14 22:39:33 | 000,171,051 | ---- | M] () -- C:\Users\LA\Documents\Awakening-the-Dream.pdf
[2010/09/13 23:01:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14408874-1626793267-1475201148-1000Core1cab6c160c20022.job
[2010/09/09 20:44:35 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/09/09 20:44:05 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/09 20:43:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/09 20:39:14 | 000,000,839 | ---- | M] () -- C:\kvno_audio.mov
[2010/09/09 18:13:56 | 000,000,063 | ---- | M] () -- C:\kvno.rm
[2010/09/03 21:32:54 | 000,099,473 | ---- | M] () -- C:\Users\LA\Desktop\ALLDomains-77278727.csv
[2010/09/01 01:01:02 | 000,003,367 | ---- | M] () -- C:\history.data
[2010/08/29 21:37:06 | 000,000,061 | ---- | M] () -- C:\Windows\s2t.ini
[2010/08/29 13:07:36 | 000,002,090 | ---- | M] () -- C:\Users\LA\Desktop\Auto Blogging - Shortcut.lnk
[2010/08/29 12:31:17 | 000,003,117 | ---- | M] () -- C:\Users\LA\Desktop\ABS-UserManual.pdf.lnk
[2010/08/28 23:37:44 | 000,022,016 | ---- | M] () -- C:\Users\LA\Desktop\ZSiteMakerDoc.doc
[2010/08/28 13:22:20 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Domain Name Analyzer v5.lnk
[2010/08/25 19:54:40 | 000,000,923 | ---- | M] () -- C:\Users\LA\Desktop\ABC14 - Shortcut.lnk
[2010/08/25 11:41:09 | 000,001,923 | ---- | M] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/25 11:41:09 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 01:36:13 | 000,006,225 | ---- | M] () -- C:\Users\LA\Desktop\ToDoList - Shortcut.lnk
[2010/08/23 00:28:49 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\BlogSlammer!.lnk
[2010/08/21 00:05:55 | 000,461,377 | ---- | M] () -- C:\Users\LA\.spyglass.properties
[2010/08/20 23:24:46 | 000,000,923 | ---- | M] () -- C:\Users\LA\Desktop\ABC11 - Shortcut.lnk
[2010/08/20 17:03:09 | 000,002,344 | ---- | M] () -- C:\Users\LA\Desktop\Google Chrome.lnk
[2010/08/20 00:20:03 | 000,001,876 | ---- | M] () -- C:\Users\LA\Desktop\ABC12 - Shortcut.lnk
[2010/08/19 17:14:34 | 000,029,184 | ---- | M] () -- C:\Users\LA\Desktop\Photoshoplinkns.doc
[2010/08/17 17:43:03 | 004,198,724 | ---- | M] () -- C:\FileZilla_3.3.4.1_win32-setup.exe
[2010/08/13 08:10:02 | 000,363,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 19:34:50 | 000,018,703 | ---- | M] () -- C:\Users\LA\Desktop\Text for Ads Odesk.odt
[2010/08/09 08:58:59 | 000,001,899 | ---- | M] () -- C:\Users\LA\Desktop\EasyPHP 5.3.3.lnk
[2010/08/09 08:37:17 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Micro Niche Finder.lnk
[2010/08/09 08:37:17 | 000,001,967 | ---- | M] () -- C:\Users\LA\Desktop\Micro Niche Finder.lnk
[2010/08/09 00:33:12 | 001,344,512 | ---- | M] () -- C:\Users\LA\Documents\writer.dsam
[2010/08/07 15:03:09 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/07 13:40:55 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/07 13:34:29 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/07/25 03:20:25 | 000,014,635 | ---- | M] () -- C:\Users\LA\Desktop\resume-sample-lawyer-legal1.gif
[2010/07/24 01:07:41 | 000,224,598 | ---- | M] () -- C:\Users\LA\Desktop\Deb FPBSC_kit.pdf
[2010/07/20 21:05:07 | 000,002,272 | ---- | M] () -- C:\Users\LA\Desktop\LinkAssistant.lnk
[2010/07/20 21:04:55 | 000,002,301 | ---- | M] () -- C:\Users\LA\Desktop\WebSite Auditor.lnk
[2010/07/20 21:04:43 | 000,002,247 | ---- | M] () -- C:\Users\LA\Desktop\Rank Tracker.lnk
[2010/07/20 21:04:27 | 000,002,247 | ---- | M] () -- C:\Users\LA\Desktop\SEO SpyGlass.lnk
[2010/07/17 15:42:55 | 000,456,306 | ---- | M] () -- C:\Users\LA\Documents\cc_20100717_154225.reg
[2010/07/17 15:37:52 | 000,000,967 | ---- | M] () -- C:\Users\LA\Desktop\CCleaner.lnk
[2010/07/17 15:31:09 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\ccsetup233.exe
[2010/07/15 11:04:40 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/15 11:04:39 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/15 11:04:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/04 13:02:12 | 000,001,853 | ---- | M] () -- C:\Users\LA\Desktop\WEB20Bot_Client - Shortcut.lnk
[2010/07/04 02:42:54 | 002,764,720 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\RegistrarLite.exe
[2010/07/03 21:40:54 | 000,005,160 | ---- | M] () -- C:\Users\LA\Desktop\ABC10 - Shortcut.lnk
[2010/07/03 21:32:48 | 000,012,416 | ---- | M] () -- C:\Users\LA\Desktop\StressDomains.csv
[2010/07/02 17:58:01 | 000,001,029 | ---- | M] () -- C:\Users\LA\Desktop\WordFlood 2.0.lnk
[2010/06/30 23:42:18 | 000,000,973 | ---- | M] () -- C:\Users\LA\Desktop\Traffic Travis.lnk
[2010/06/28 13:30:12 | 000,000,997 | ---- | M] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/06/23 16:02:56 | 000,001,744 | ---- | M] () -- C:\Users\LA\Desktop\DesktipApp - Shortcut.lnk
[2010/06/23 15:21:20 | 000,735,290 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 14:35:48 | 000,001,898 | ---- | M] () -- C:\Users\LA\Desktop\The Action Machine.lnk
[2010/06/23 11:54:37 | 005,327,844 | ---- | M] () -- C:\theactionmachine2.zip
[2010/06/22 02:17:14 | 000,163,955 | ---- | M] () -- C:\Windows\XHeader Bonus Download Uninstaller.exe
[1 C:\Users\LA\*.tmp files -> C:\Users\LA\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 17:43:49 | 002,742,959 | ---- | C] () -- C:\Users\LA\.websiteauditor.properties
[2010/09/17 07:59:20 | 001,993,420 | ---- | C] () -- C:\Launch Manager 1.00.1e.zip
[2010/09/17 07:51:24 | 000,038,691 | ---- | C] () -- C:\Users\LA\Desktop\KEYBOARD DRIVER DETAILS.JPG
[2010/09/16 11:09:35 | 000,043,028 | ---- | C] () -- C:\Users\LA\Documents\live chat.JPG
[2010/09/15 14:00:40 | 000,423,345 | ---- | C] () -- C:\Users\LA\Desktop\MEETINGList.pdf
[2010/09/14 22:49:43 | 000,083,748 | ---- | C] () -- C:\Users\LA\Documents\Site Flipping2.pdf
[2010/09/14 22:48:30 | 001,054,331 | ---- | C] () -- C:\Users\LA\Documents\Site Flipping Manual.pdf
[2010/09/14 22:39:33 | 000,171,051 | ---- | C] () -- C:\Users\LA\Documents\Awakening-the-Dream.pdf
[2010/09/09 20:44:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/09 20:44:05 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/09 20:39:14 | 000,000,839 | ---- | C] () -- C:\kvno_audio.mov
[2010/09/09 18:13:55 | 000,000,063 | ---- | C] () -- C:\kvno.rm
[2010/09/03 15:23:16 | 000,000,084 | ---- | C] () -- C:\Users\LA\AppData\Local\DVDPATH.TXT
[2010/09/03 01:00:02 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2010/08/29 13:07:36 | 000,002,090 | ---- | C] () -- C:\Users\LA\Desktop\Auto Blogging - Shortcut.lnk
[2010/08/29 12:27:43 | 000,003,117 | ---- | C] () -- C:\Users\LA\Desktop\ABS-UserManual.pdf.lnk
[2010/08/28 13:22:20 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Domain Name Analyzer v5.lnk
[2010/08/27 22:48:29 | 000,099,473 | ---- | C] () -- C:\Users\LA\Desktop\ALLDomains-77278727.csv
[2010/08/25 19:54:40 | 000,000,923 | ---- | C] () -- C:\Users\LA\Desktop\ABC14 - Shortcut.lnk
[2010/08/25 11:41:09 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 01:36:13 | 000,006,225 | ---- | C] () -- C:\Users\LA\Desktop\ToDoList - Shortcut.lnk
[2010/08/23 00:28:49 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\BlogSlammer!.lnk
[2010/08/22 11:32:45 | 000,023,611 | ---- | C] () -- C:\Users\LA\Desktop\BUNCH of Downloads.odt
[2010/08/20 00:20:03 | 000,001,876 | ---- | C] () -- C:\Users\LA\Desktop\ABC12 - Shortcut.lnk
[2010/08/19 17:14:32 | 000,029,184 | ---- | C] () -- C:\Users\LA\Desktop\Photoshoplinkns.doc
[2010/08/17 17:42:52 | 004,198,724 | ---- | C] () -- C:\FileZilla_3.3.4.1_win32-setup.exe
[2010/08/09 10:24:22 | 000,018,703 | ---- | C] () -- C:\Users\LA\Desktop\Text for Ads Odesk.odt
[2010/08/09 08:58:59 | 000,001,899 | ---- | C] () -- C:\Users\LA\Desktop\EasyPHP 5.3.3.lnk
[2010/08/09 08:40:58 | 000,001,967 | ---- | C] () -- C:\Users\LA\Desktop\Micro Niche Finder.lnk
[2010/08/09 08:37:17 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Micro Niche Finder.lnk
[2010/08/08 16:11:24 | 001,344,512 | ---- | C] () -- C:\Users\LA\Documents\writer.dsam
[2010/08/07 13:40:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/07 13:37:57 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/04 22:06:25 | 000,000,061 | ---- | C] () -- C:\Windows\s2t.ini
[2010/08/03 22:51:35 | 000,130,048 | ---- | C] () -- C:\Users\LA\Desktop\Zfindit2 .doc
[2010/07/25 03:20:25 | 000,014,635 | ---- | C] () -- C:\Users\LA\Desktop\resume-sample-lawyer-legal1.gif
[2010/07/24 01:07:41 | 000,224,598 | ---- | C] () -- C:\Users\LA\Desktop\Deb FPBSC_kit.pdf
[2010/07/20 22:12:34 | 000,461,377 | ---- | C] () -- C:\Users\LA\.spyglass.properties
[2010/07/20 21:05:07 | 000,002,272 | ---- | C] () -- C:\Users\LA\Desktop\LinkAssistant.lnk
[2010/07/20 21:04:55 | 000,002,301 | ---- | C] () -- C:\Users\LA\Desktop\WebSite Auditor.lnk
[2010/07/20 21:04:43 | 000,002,247 | ---- | C] () -- C:\Users\LA\Desktop\Rank Tracker.lnk
[2010/07/20 21:04:27 | 000,002,247 | ---- | C] () -- C:\Users\LA\Desktop\SEO SpyGlass.lnk
[2010/07/17 15:42:31 | 000,456,306 | ---- | C] () -- C:\Users\LA\Documents\cc_20100717_154225.reg
[2010/07/17 15:37:52 | 000,000,967 | ---- | C] () -- C:\Users\LA\Desktop\CCleaner.lnk
[2010/07/04 13:02:12 | 000,001,853 | ---- | C] () -- C:\Users\LA\Desktop\WEB20Bot_Client - Shortcut.lnk
[2010/07/04 02:45:01 | 000,120,376 | ---- | C] () -- C:\Windows\SysWow64\rrsec.dll
[2010/07/04 02:45:01 | 000,097,888 | ---- | C] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/07/03 21:32:48 | 000,012,416 | ---- | C] () -- C:\Users\LA\Desktop\StressDomains.csv
[2010/07/03 16:20:06 | 000,000,923 | ---- | C] () -- C:\Users\LA\Desktop\ABC11 - Shortcut.lnk
[2010/07/02 17:58:01 | 000,001,029 | ---- | C] () -- C:\Users\LA\Desktop\WordFlood 2.0.lnk
[2010/06/28 13:28:11 | 000,000,997 | ---- | C] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/06/28 13:28:11 | 000,000,973 | ---- | C] () -- C:\Users\LA\Desktop\Traffic Travis.lnk
[2010/06/23 16:02:56 | 000,001,744 | ---- | C] () -- C:\Users\LA\Desktop\DesktipApp - Shortcut.lnk
[2010/06/23 15:21:18 | 000,735,290 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 14:35:48 | 000,001,898 | ---- | C] () -- C:\Users\LA\Desktop\The Action Machine.lnk
[2010/06/23 11:53:38 | 005,327,844 | ---- | C] () -- C:\theactionmachine2.zip
[2010/03/26 07:22:50 | 000,001,023 | ---- | C] () -- C:\Windows\seRapid.INI
[2010/02/03 17:38:28 | 000,000,047 | ---- | C] () -- C:\Windows\s2f.ini
[2010/01/19 23:18:20 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll
[2010/01/19 23:18:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2010/01/18 09:35:50 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Roaming\wklnhst.dat
[2010/01/14 15:55:10 | 000,000,664 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/25 21:06:47 | 000,000,177 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\QSwitch.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\DSwitch.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\AtStart.txt
[2009/09/20 06:37:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/09/20 06:37:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/09/20 06:36:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/09/20 06:36:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/09/20 06:35:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/09/20 06:35:23 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/21 12:55:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/21 12:51:03 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/21 12:49:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/21 12:48:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/20 02:03:59 | 000,000,000 | -HSD | M] -- C:\Users\LA\AppData\Roaming\.#
[2010/06/28 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Affilorama
[2010/02/06 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Auslogics
[2010/01/19 00:39:36 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\AVG9
[2010/03/31 22:47:36 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/19 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\FileZilla
[2009/12/27 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Hyperionics
[2010/08/24 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\IBP
[2010/04/30 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\IObit
[2010/06/07 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\KompoZer
[2010/02/25 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/01/01 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\OpenOffice.org
[2010/09/14 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\POP Peeper
[2010/01/18 09:35:51 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Template
[2010/02/14 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\ubot
[2010/09/19 18:35:59 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/08/22 10:33:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C

MJ1

Rookie Surfer

Posts : 66
Joined : 2010-01-22
Operating System : Windows 8 64 bit



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed 29 Sep 2010, 2:00 pm

Yes, there seems to be a Repair your computer option.
And I can find disc 1 and 2 of recovery discs that I made but there is a third missing (should I be looking for that one?). I'm not even sure if recovery discs and bootable discs are the same thing?


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Thu 30 Sep 2010, 8:48 pm

When booting, select the Repair your computer option.

Then, select Command Prompt.

Type in bootrec.exe /FixMbr and press Enter.

Once done, type in exit and it should reboot your computer.

When you have finished that, please post a new MBRCheck log.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: Computer Infected Not Sure what it is

Post by MJ1 on Fri 01 Oct 2010, 2:42 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 236):
0x0341B000 \SystemRoot\system32\ntoskrnl.exe
0x039F7000 \SystemRoot\system32\hal.dll
0x00BBD000 \SystemRoot\system32\kdcom.dll
0x00CB3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF7000 \SystemRoot\system32\PSHED.dll
0x00D0B000 \SystemRoot\system32\CLFS.SYS
0x00EA2000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F62000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F71000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E57000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E60000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FBD000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FCA000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00FD3000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00D69000 \SystemRoot\System32\drivers\partmgr.sys
0x00D7E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00D87000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00D93000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010CA000 \SystemRoot\System32\drivers\volmgrx.sys
0x01126000 \SystemRoot\system32\DRIVERS\intelide.sys
0x0112E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0113E000 \SystemRoot\system32\DRIVERS\aliide.sys
0x01145000 \SystemRoot\system32\DRIVERS\amdide.sys
0x0114C000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x01154000 \SystemRoot\System32\drivers\mountmgr.sys
0x0116E000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x01194000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x011BD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x011ED000 \SystemRoot\system32\drivers\pavboot64.sys
0x011F8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01000000 \SystemRoot\system32\DRIVERS\viaide.sys
0x01265000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x01383000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0138C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x013B6000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01200000 \SystemRoot\system32\DRIVERS\storport.sys
0x013D3000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013DE000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01008000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x00DA8000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x01083000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x014AC000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x014CA000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01511000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0151C000 \SystemRoot\system32\DRIVERS\arc.sys
0x01535000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01550000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x015D7000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x01400000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x0141F000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x01432000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x01451000 \SystemRoot\system32\DRIVERS\megasas.sys
0x0167F000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01723000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x01733000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x0181B000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x0175E000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019BF000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019CD000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x019E5000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x017BD000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01800000 \SystemRoot\system32\drivers\fileinfo.sys
0x01600000 \SystemRoot\system32\drivers\PCTCore64.sys
0x01638000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01A33000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01C83000 \SystemRoot\System32\Drivers\msrpc.sys
0x01CE1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01CFB000 \SystemRoot\System32\Drivers\cng.sys
0x01D6E000 \SystemRoot\System32\drivers\pcw.sys
0x01D7F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01EE9000 \SystemRoot\system32\drivers\ndis.sys
0x01E00000 \SystemRoot\system32\drivers\NETIO.SYS
0x01E60000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02001000 \SystemRoot\System32\drivers\tcpip.sys
0x01E8B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01ED5000 \SystemRoot\system32\DRIVERS\wd.sys
0x01D89000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01EDD000 \SystemRoot\System32\Drivers\spldr.sys
0x01FDB000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01C00000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C3A000 \SystemRoot\System32\Drivers\mup.sys
0x01C4C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0145D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01C55000 \SystemRoot\system32\DRIVERS\disk.sys
0x01DD5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01C6B000 \SystemRoot\System32\Drivers\Null.SYS
0x01FF8000 \SystemRoot\System32\Drivers\Beep.SYS
0x01C74000 \SystemRoot\System32\drivers\vga.sys
0x01BD6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01A00000 \SystemRoot\System32\drivers\watchdog.sys
0x01A10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01A19000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01A22000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0164D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0165E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03472000 \SystemRoot\System32\Drivers\avgtdia.sys
0x034C3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03508000 \SystemRoot\system32\drivers\afd.sys
0x03592000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0359B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x035C1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x035D7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0341D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03438000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0423A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0428B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04297000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x042A2000 \SystemRoot\System32\drivers\discache.sys
0x042B1000 \SystemRoot\System32\Drivers\dfsc.sys
0x042CF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x042E0000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x042E8000 \SystemRoot\System32\Drivers\avgldx64.sys
0x0432F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04355000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0436B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x044A3000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04C91000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D85000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04DCB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04C56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04C67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04BA2000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05051000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x057B0000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x057BD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x057DB000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x057E7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05000000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05049000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04DD8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0504B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04DE7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04BDB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04424000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04430000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0445F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0447A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04374000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x057F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0438E000 \SystemRoot\system32\DRIVERS\ks.sys
0x043D1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05A64000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05ABE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05AD3000 \SystemRoot\system32\drivers\CHDRT64.sys
0x05B7F000 \SystemRoot\system32\drivers\portcls.sys
0x05BBC000 \SystemRoot\system32\drivers\drmk.sys
0x05BDE000 \SystemRoot\system32\drivers\ksthunk.sys
0x05A00000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x07C4F000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x07EAF000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x07F7A000 \SystemRoot\system32\drivers\modem.sys
0x07F89000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x07FB0000 \SystemRoot\System32\drivers\Dxapi.sys
0x07FCA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07E00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07E2E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07E49000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07E57000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07E70000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07E79000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07E87000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07E94000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x07DC3000 \SystemRoot\system32\drivers\luafv.sys
0x07C00000 \SystemRoot\system32\drivers\WudfPf.sys
0x07FE7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02E6D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02EC0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02ED3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02EEB000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02EF5000 \SystemRoot\system32\drivers\HTTP.sys
0x02FBD000 \SystemRoot\System32\Drivers\fastfat.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02E1E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02E36000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0324B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03299000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x032BC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x032C1000 \SystemRoot\system32\drivers\peauth.sys
0x03367000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03372000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0339F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x033B1000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x04E49000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04EB1000 \SystemRoot\System32\DRIVERS\srv.sys
0x04F47000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x76FC0000 \Windows\System32\ntdll.dll
0x48530000 \Windows\System32\smss.exe
0xFF2E0000 \Windows\System32\apisetschema.dll
0xFF650000 \Windows\System32\autochk.exe
0x76EA0000 \Windows\System32\kernel32.dll
0xFF150000 \Windows\System32\urlmon.dll
0xFF070000 \Windows\System32\oleaut32.dll
0xFF020000 \Windows\System32\Wldap32.dll
0x76DA0000 \Windows\System32\user32.dll
0x77190000 \Windows\System32\normaliz.dll
0xFEEF0000 \Windows\System32\wininet.dll
0xFEED0000 \Windows\System32\sechost.dll
0xFEEB0000 \Windows\System32\imagehlp.dll
0xFEDE0000 \Windows\System32\usp10.dll
0xFED60000 \Windows\System32\shlwapi.dll
0x77180000 \Windows\System32\psapi.dll
0xFED10000 \Windows\System32\ws2_32.dll
0xFEC00000 \Windows\System32\msctf.dll
0xFEBF0000 \Windows\System32\lpk.dll
0xFEB10000 \Windows\System32\advapi32.dll
0xFEA70000 \Windows\System32\msvcrt.dll
0xFEA60000 \Windows\System32\nsi.dll
0xFE9C0000 \Windows\System32\clbcatq.dll
0xFE760000 \Windows\System32\iertutil.dll
0xFE6F0000 \Windows\System32\gdi32.dll
0xFE5C0000 \Windows\System32\rpcrt4.dll
0xFE590000 \Windows\System32\imm32.dll
0xFE380000 \Windows\System32\ole32.dll
0xFE1A0000 \Windows\System32\setupapi.dll
0xFD410000 \Windows\System32\shell32.dll
0xFD390000 \Windows\System32\difxapi.dll
0xFD2F0000 \Windows\System32\comdlg32.dll
0xFD250000 \Windows\System32\comctl32.dll
0xFD0E0000 \Windows\System32\crypt32.dll
0xFD0A0000 \Windows\System32\cfgmgr32.dll
0xFD080000 \Windows\System32\devobj.dll
0xFD040000 \Windows\System32\wintrust.dll
0xFCFD0000 \Windows\System32\KernelBase.dll
0xFCFC0000 \Windows\System32\msasn1.dll
0x75FA0000 \Windows\SysWOW64\normaliz.dll

Processes (total 59):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
400 csrss.exe
484 C:\Windows\System32\wininit.exe
492 csrss.exe
504 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
512 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
592 C:\Windows\System32\services.exe
612 C:\Windows\System32\winlogon.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
704 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
800 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1512 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1676 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\svchost.exe
1840 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1936 C:\Windows\System32\svchost.exe
1984 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1260 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1412 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
1888 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
2052 C:\Windows\System32\svchost.exe
2340 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2396 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2480 unsecapp.exe
2540 WmiPrvSE.exe
2676 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3048 C:\Windows\System32\taskhost.exe
2148 C:\Windows\System32\dwm.exe
1192 C:\Windows\explorer.exe
2120 C:\Program Files\Java\jre6\bin\jusched.exe
2476 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2620 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
3204 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3244 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
3260 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3300 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3316 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
3916 C:\Windows\System32\SearchIndexer.exe
4052 C:\Windows\System32\svchost.exe
2468 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
3980 WUDFHost.exe
3752 C:\Program Files\Windows Media Player\wmpnetwk.exe
1216 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1500 C:\Windows\System32\svchost.exe
4420 C:\Windows\System32\SearchProtocolHost.exe
1664 C:\Windows\System32\SearchFilterHost.exe
1420 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
4120 C:\Users\LA\Desktop\MBRCheck.exe
4528 C:\Windows\System32\conhost.exe
4488 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40J

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

MJ1

Rookie Surfer

Posts : 66
Joined : 2010-01-22
Operating System : Windows 8 64 bit

Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Fri 01 Oct 2010, 1:58 pm

Yay!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon 04 Oct 2010, 5:19 am

Sorry for the delay, I ran the scan and everything came out clean. I think we got it!!:-) So can probably close off.

Thanks for all your expert help!


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Tue 05 Oct 2010, 12:45 pm

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.



Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Tue 19 Oct 2010, 4:20 pm

Still with us?



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed 20 Oct 2010, 4:25 pm

Hi,

I am very sorry. Had a problem getting back onto this site. I did all of the above. So here is the log

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Eusing Free Registry Cleaner
Auslogics Registry Cleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Wed 20 Oct 2010, 7:36 pm

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?



Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue 26 Oct 2010, 6:10 am

Thanks very much. I do have windows firewall so do I need to also put on another firewall? If I use a different firewall should I then turn off windows firewall?

Also am having a small problem and ran all anti-spyware and only gmer found a problem which I am posting below. Is it a problem and if so how do I fix it?

GMER 1.0.15.15477 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-25 12:38:23
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@LeaseObtainedTime 1288027595
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@T1 1288027649
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@T2 1288027694
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@LeaseTerminatesTime 1288027715

---- EOF - GMER 1.0.15 ----

thanks


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Tue 26 Oct 2010, 7:40 am

That is no problem. Looks safe.

Not everything GMER finds (luckily) is bad.

Also, choosing a different firewall from the list will be better, because Windows Firewall is a bit lacking, it seems. A third party firewall will be stronger.


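The four values in the GMER log above are the Windows DHCP client's per-interface lease timestamps, stored as Unix epoch seconds, so they can be decoded and sanity-checked offline. The following is an added example, not part of the original posts; the function names and the one-day skew tolerance are illustrative assumptions.

```python
import re
from datetime import date, datetime, timezone

# The four "Reg" lines from the GMER log posted in this thread, copied verbatim.
GMER_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@LeaseObtainedTime 1288027595
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@T1 1288027649
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@T2 1288027694
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@LeaseTerminatesTime 1288027715
"""
SCAN_DATE = date(2010, 10, 25)  # from the log header: "Rootkit scan 2010-10-25 12:38:23"

# DHCP client values Windows keeps per interface, in the order a lease progresses:
# obtained -> T1 (renewal) -> T2 (rebinding) -> expiry. All are Unix epoch seconds.
DHCP_ORDER = ("LeaseObtainedTime", "T1", "T2", "LeaseTerminatesTime")

REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}@(?P<name>\w+)\s+(?P<data>\d+)$",
    re.IGNORECASE,  # registry paths are case-insensitive
)

def parse_gmer_reg(text):
    """Split GMER 'Reg' lines into {interface GUID: {value name: int}} and a list of
    lines that are not Tcpip interface values (those still need a human look)."""
    leases, other = {}, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = REG_LINE.match(line)
        if m:
            leases.setdefault(m["guid"].upper(), {})[m["name"]] = int(m["data"])
        else:
            other.append(line)
    return leases, other

def to_utc(epoch):
    """Render epoch seconds as a UTC timestamp string."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def triage(values, scan_date, max_skew_days=1):
    """Return reasons this interface's values do NOT look like an ordinary DHCP lease.
    An empty list means the entry is consistent with routine lease bookkeeping."""
    reasons = []
    unknown = sorted(set(values) - set(DHCP_ORDER))
    if unknown:
        reasons.append(f"value names outside the DHCP set: {unknown}")
    times = [values[n] for n in DHCP_ORDER if n in values]
    if times != sorted(times):
        reasons.append("timestamps are not in obtained <= T1 <= T2 <= expiry order")
    if "LeaseObtainedTime" in values:
        got = datetime.fromtimestamp(values["LeaseObtainedTime"], tz=timezone.utc).date()
        # Allow a day of skew: the log header is local time, the epoch value is UTC.
        if abs((got - scan_date).days) > max_skew_days:
            reasons.append(f"lease obtained {got}, far from scan date {scan_date}")
    return reasons

if __name__ == "__main__":
    leases, other = parse_gmer_reg(GMER_LOG)
    for guid, values in leases.items():
        for name in DHCP_ORDER:
            if name in values:
                print(f"{name:<20} {values[name]}  {to_utc(values[name])} UTC")
        print("findings:", triage(values, SCAN_DATE) or "none", "| unmatched lines:", other)
```

For the log in this thread the values decode to 2010-10-25 17:26:35 through 17:28:35 UTC, a 120-second lease obtained on the scan date, and `triage` returns no findings.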
