hijackthis and OTL log - please check for virus/spyware

Status
Not open for further replies.
(part 5)

--------------------
Kodak EasyShare software.lnk - links to C:\PROGRA~2\Kodak\KODAKE~1\bin\EASYSH~1.EXE
C:\PROGRA~2\Kodak\KODAKE~1\bin\EASYSH~1.EXE
282624 bytes
Created: 5/10/2008 6:15 AM
Modified: 5/10/2008 6:15 AM
Company: Eastman Kodak Company
--------------------
Microsoft Office.lnk - links to C:\PROGRA~2\MICROS~1\Office\OSA9.EXE
C:\PROGRA~2\MICROS~1\Office\OSA9.EXE
65588 bytes
Created: 2/17/1999 5:05 PM
Modified: 2/17/1999 5:05 PM
Company: Microsoft Corporation
--------------------

************************************************************
11:52:47 AM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: ************
[C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Adobe Gamma.lnk - links to C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
110592 bytes
Created: 3/17/2008 7:30 PM
Modified: 10/18/2001 10:09 PM
Company: Adobe Systems, Inc.
----------
C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 3/15/2008 8:14 PM
Modified: 3/20/2008 9:00 PM
Company: [no info]
----------
HotSync Manager.lnk - links to C:\PROGRA~2\Palm\Hotsync.exe
C:\PROGRA~2\Palm\Hotsync.exe
-R- 1392640 bytes
Created: 1/3/2008 6:28 PM
Modified: 1/3/2008 6:28 PM
Company: PalmSource, Inc
----------
--------------------

************************************************************
11:52:48 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: {4A952BC3-384F-4B1C-8B7F-889276FB2703}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\************\AppData\Local\Temp\Temp1_pbsetup[1].zip\pbsetup.exe
----------
Taskname: {BFC63824-E9D9-4396-9606-6036F594D7FE}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\************\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DM34570\LimeWireWin[1].exe" -d C:\Users\************\Desktop
----------
Taskname: {C328ED2B-C732-4677-8C20-600C47A70998}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\************\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMNR7OIT\epson318534eu[1].exe" -d C:\Windows\system32
----------
Taskname: {D1E938ED-6761-40D8-A366-C06958BD6FB6}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "E:\drivers\3in1 - Buslink L40 driver (not found windows vista).exe" -d E:\drivers
----------
Taskname: EasyShare Registration Task
File: C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt
C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt
815104 bytes
Created: 5/11/2009 6:39 PM
Modified: 5/11/2009 6:39 PM
Company: Eastman Kodak Company
Parameters: C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt _RegistrationOffer@16
Schedule: At 7:41:00 PM every 14 days
Next Run Time: 1/18/2010 7:41:00 PM
Status: Ready
Status: ************
Comments:
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 4/5/2009 10:08 AM
Modified: 4/5/2009 10:08 AM
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 1/9/2010 9:45:00 PM
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 4/5/2009 10:08 AM
Modified: 4/5/2009 10:08 AM
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 9:45:00 PM every day
Next Run Time: 1/9/2010 12:45:00 PM
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: RunAsStdUser Task
File: C:\Program Files (x86)\Veoh Networks\Veoh\VeohClient.exe
Parameters: /VistaRunAsStdUser
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Status: RunAsStdUser
Comments:
C:\Program Files (x86)\Veoh Networks\Veoh\VeohClient.exe - [file not found to scan]
----------
Taskname: User_Feed_Synchronization-{8E4C43AE-E10A-45E7-AC38-7F566F835EE5}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
13312 bytes
Created: 12/9/2009 11:46 AM
Modified: 11/20/2009 10:59 PM
Company: Microsoft Corporation
Parameters: sync
Schedule: Multiple schedule times
Next Run Time: 1/9/2010 12:25:00 PM
Status: Ready
Status: ************
Comments: Updates out-of-date system feeds.
----------

************************************************************
11:52:49 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
11:52:49 AM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File: C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
62464 bytes
Created: 4/13/2008 9:09 AM
Modified: 1/19/2008 1:33 AM
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------

************************************************************
11:52:50 AM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\************\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
C:\Users\************\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
106213 bytes
Created: 10/15/2009 12:22 PM
Modified: 10/15/2009 12:22 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
C:\Users\************\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
106213 bytes
Created: 10/15/2009 12:22 PM
Modified: 10/15/2009 12:22 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
11:52:51 AM: Scanning ----- RUNNING PROCESSES -----

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Users\************\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe - file already scanned
--------------------
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
282624 bytes
Created: 5/10/2008 6:15 AM
Modified: 5/10/2008 6:15 AM
Company: Eastman Kodak Company
--------------------
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe - file already scanned
--------------------
C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe - file already scanned
--------------------
C:\Program Files (x86)\SBC\update\SST.exe - file already scanned
--------------------
C:\Program Files (x86)\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
694008 bytes
Created: 3/15/2008 8:51 PM
Modified: 2/9/2007 11:17 AM
Company: Portrait Displays, Inc.
--------------------
C:\Program Files (x86)\Palm\Hotsync.exe
-R- 1392640 bytes
Created: 1/3/2008 6:28 PM
Modified: 1/3/2008 6:28 PM
Company: PalmSource, Inc
--------------------
C:\Program Files (x86)\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe - file already scanned
--------------------
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe - file already scanned
--------------------
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe - file already scanned
--------------------
C:\Windows\SysWOW64\PnkBstrA.exe
75064 bytes
Created: 9/6/2008 2:37 PM
Modified: 5/18/2009 6:19 PM
Company: [no info]
--------------------
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Windows\SysWOW64\DllHost.exe
7168 bytes
Created: 11/2/2006 6:14 AM
Modified: 11/2/2006 3:45 AM
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe - file already scanned
--------------------
C:\Program Files (x86)\Internet Explorer\iexplore.exe
638232 bytes
Created: 12/9/2009 11:46 AM
Modified: 11/21/2009 12:42 AM
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
224632 bytes
Created: 2/6/2009 5:21 PM
Modified: 2/6/2009 5:21 PM
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Internet Explorer\iexplore.exe - file already scanned
--------------------
C:\Program Files (x86)\Internet Explorer\iexplore.exe - file already scanned
--------------------
C:\Program Files (x86)\Internet Explorer\iexplore.exe - file already scanned
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize: 3613560
[This is a Trojan Remover component]
--------------------

************************************************************
11:52:52 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
MSN.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
MSN.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN.com

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:52:52 AM 09 Jan 2010
Total Scan time: 00:00:19
****************************************
 
Yes indeed, my computer is not dragging anymore. It seems these 2 programs you recommended me to run have fixed it. When I ran Malwarebytes, I hit the delete button for all the viruses it was able to find and it seems it has worked, but we'll see.
Solaris, I wanna thank you for your assistance. I will keep you posted of any updates.

Thank you,

Sal
 