Possible malware. Need help please.



#1
Ryan Keyes

I'm helping a friend with their computer that has been going very slow lately. I have done a few minor things, such as freeing up hard drive space, defragmenting, and disabling a few startup processes such as Vid.exe. However, the System process is still using up to 150 MB of memory. Booting into safe mode, this is reduced to 208 KB. I know it could just be extra stuff appearing as the System process, but I haven't been able to find anything. Here is the OTL log. Thank you in advance for any help.

OTL logfile created on: 9/10/2011 11:56:15 AM - Run 2

OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Don Rojo\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



509.98 Mb Total Physical Memory | 114.37 Mb Available Physical Memory | 22.43% Memory free

1.64 Gb Paging File | 1.27 Gb Available in Paging File | 77.52% Paging File free

Paging file location(s): C:\pagefile.sys 1200 2000 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 26.34 Gb Free Space | 35.36% Space Free | Partition Type: NTFS

Drive F: | 7.44 Gb Total Space | 1.19 Gb Free Space | 16.04% Space Free | Partition Type: FAT32



Computer Name: COMPUTER-3CB41C | User Name: Don Rojo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2011/09/10 09:42:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don Rojo\Desktop\OTL.exe

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2010/04/14 20:45:22 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe

PRC - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe





========== Modules (No Company Name) ==========



MOD - [2010/04/13 21:11:16 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll

MOD - [2010/04/01 17:24:30 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\S300-S400 Series\lxeadrs.dll

MOD - [2009/12/16 11:42:14 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\S300-S400 Series\lxeamicro.dll

MOD - [2009/11/04 13:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeadrpp.dll

MOD - [2009/03/10 05:43:50 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\S300-S400 Series\lxeacaps.dll





========== Win32 Services (SafeList) ==========



SRV - File not found [Unknown | Stopped] -- -- (McMPFSvc)

SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/04/14 20:45:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxeacoms.exe -- (lxea_device)

SRV - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)





========== Driver Services (SafeList) ==========



DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/07/27 01:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2010/07/27 01:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)

DRV - [2010/07/27 01:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2010/07/27 01:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2010/05/26 11:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)

DRV - [2010/04/13 21:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)

DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/04/24 15:21:50 | 000,006,025 | R--- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com



IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Don Rojo\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Don Rojo\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Don Rojo\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Don Rojo\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/11 20:10:27 | 000,000,000 | ---D | M]





O1 HOSTS File: ([2010/11/25 18:13:05 | 000,000,787 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 74.208.10.249 gs.apple.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1284167128703 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9751AB7-71A3-4292-AB1B-FD282523F280}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Don Rojo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Don Rojo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/09 21:29:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2011/09/10 10:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2011/09/10 10:05:56 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don Rojo\Desktop\OTL.exe

[2011/08/23 16:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don Rojo\My Documents\Econ12

[2011/08/17 19:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don Rojo\Application Data\MSNInstaller

[2011/08/11 21:44:28 | 000,000,000 | -H-D | C] -- C:\$AVG

[2011/08/11 20:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don Rojo\Application Data\AVG10

[2011/08/11 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/08/11 20:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011

[2011/08/11 19:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/08/11 19:52:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2011/08/11 19:15:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/08/11 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/04/14 20:45:24 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe

[2010/04/14 20:45:22 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe

[2010/04/14 20:45:22 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe

[2010/04/13 19:41:34 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll

[2009/12/09 19:47:50 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll

[2009/12/09 19:43:14 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll

[2009/12/09 19:41:22 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll

[2009/12/09 19:40:12 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll

[2009/12/09 19:37:34 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahcp.dll

[2009/12/09 19:36:32 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll

[2009/12/09 19:35:50 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll

[2009/12/09 19:35:44 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll

[2009/12/09 19:35:32 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2011/09/10 11:55:43 | 000,000,321 | -HS- | M] () -- C:\boot.ini

[2011/09/10 11:51:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/10 11:21:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/10 11:21:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2011/09/10 11:07:51 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Don Rojo\Desktop\Google Chrome.lnk

[2011/09/10 10:05:51 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Don Rojo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/10 09:42:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don Rojo\Desktop\OTL.exe

[2011/09/10 08:36:22 | 131,720,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/09/08 11:15:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/09/04 07:47:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/02 05:37:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/08/30 17:54:21 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Don Rojo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/08/24 05:45:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Don Rojo\Desktop\Microsoft Office Word 2003.lnk

[2011/08/24 03:02:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/08/23 20:23:56 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/08/11 20:17:27 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files Created - No Company Name ==========



[2011/09/10 08:36:22 | 131,720,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/08/18 07:49:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/08/11 20:17:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2010/12/14 18:48:56 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Don Rojo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/25 11:01:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/10/09 11:14:57 | 000,000,415 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010/10/07 18:43:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/10/06 19:00:49 | 000,050,596 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/10 18:07:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/10 17:54:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2010/09/09 21:32:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/09 21:26:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/09/09 14:21:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/09 14:20:49 | 000,244,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/27 01:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010/07/27 01:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010/07/27 00:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/11/09 08:06:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll

[2009/11/09 08:06:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll

[2009/11/09 08:06:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll

[2009/11/09 08:06:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll

[2009/11/09 08:06:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll

[2009/11/09 08:06:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll

[2009/11/09 08:06:06 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll

[2009/11/09 08:05:54 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll

[2009/11/09 07:59:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll

[2009/10/21 10:06:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll

[2009/10/21 10:06:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll

[2009/02/20 08:48:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lxeasmr.dll

[2009/02/20 08:48:04 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\lxeasm.dll

[2008/03/05 02:55:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll

[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 05:00:00 | 000,444,450 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 05:00:00 | 000,072,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI



========== LOP Check ==========



[2010/10/14 05:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/08/11 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/08/11 20:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/14 05:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/11/24 10:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\clp

[2011/08/11 19:15:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/11/24 10:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FullSpeedPC

[2010/10/28 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark S300-S400 Series

[2011/08/11 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/09/10 19:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/03/22 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\.minecraft

[2011/08/11 20:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\AVG10

[2010/09/13 18:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\AVG9

[2010/11/26 09:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\Leadertech

[2011/08/17 19:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\MSNInstaller

[2010/11/28 07:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\Unity

[2010/09/11 18:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don Rojo\Application Data\Windows Desktop Search



========== Purity Check ==========







< End of report >