My Norton anivirus keeps popping up with notifications of attacks to my computer from two sources -1) rollangarr0s.com and 2)f0rtuneroli.com. Norton has identified the name of the virus as Tidserv activity.
notifications generally occur after I make a search on the internet. It is undetectable to my antivirus scans and has failed to have been removed despite using a number of registry cleaners. I dont have a clue what to do!!
Any help would be much appreciated.
Thanks
Choongbear
This is my quick scan OTL log
OTL logfile created on: 25/04/2011 18:50:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.35 Gb Total Space | 219.53 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive D: | 7.74 Gb Total Space | 1.52 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/25 18:48:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Downloads\OTL.exe
PRC - [2010/10/18 15:19:50 | 000,457,728 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/10/07 15:33:32 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/20 20:24:40 | 000,377,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\mcui32.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/02/06 04:21:28 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 15:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/01/19 08:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
========== Modules (SafeList) ==========
MOD - [2011/04/25 18:48:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Downloads\OTL.exe
MOD - [2010/09/20 20:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2009/07/12 08:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 08:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/01/19 08:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/10/18 15:19:50 | 000,457,728 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2008/08/26 15:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/04/15 21:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/03 14:23:52 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110425.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/03 14:23:52 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110425.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/03 14:23:51 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/03 14:23:51 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/03 13:59:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 02:34:54 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110421.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/07/28 13:32:26 | 000,020,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/06 05:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 21:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 21:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 01:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/24 05:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/23 12:25:52 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/29 16:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/06 17:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/20 20:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/04/04 10:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2011/04/04 10:19:45 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e930db2-2911-11df-8a92-002186d4182f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e930db2-2911-11df-8a92-002186d4182f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{77d0ac03-12b6-11df-8d28-002186d4182f}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/24 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/24 22:06:06 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\AVG
[2011/04/24 22:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/24 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/24 21:51:20 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\DriverCure
[2011/04/24 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\ParetoLogic
[2011/04/24 21:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/04/24 21:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/24 21:44:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/24 16:12:27 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/04/24 15:52:17 | 000,000,000 | ---D | C] -- C:\cf2bd919249af9149d154c5cfb265d0c
[2011/04/24 15:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/24 15:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/24 15:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/24 15:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 15:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/24 15:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/24 14:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/24 13:44:40 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/04/04 10:30:50 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\symtdiv.sys
[2011/04/04 10:30:50 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\symefa.sys
[2011/04/04 10:30:49 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\symds.sys
[2011/04/04 10:30:49 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\srtsp.sys
[2011/04/04 10:30:49 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\ironx86.sys
[2011/04/04 10:30:49 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\srtspx.sys
[2011/04/04 10:30:48 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\cchpx86.sys
[2011/04/04 10:30:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1108000.005
[2011/04/03 13:59:15 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/03 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/03 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/03 13:58:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/04/03 13:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/04/03 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/04/03 13:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/03 13:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/03 11:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
========== Files - Modified Within 30 Days ==========
[2011/04/25 18:48:39 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 18:48:39 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 17:54:09 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 17:54:09 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 17:49:14 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2011/04/25 17:27:23 | 000,092,770 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/25 17:27:22 | 000,092,770 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/25 17:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/25 17:26:35 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 17:16:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/25 10:46:15 | 001,592,450 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
[2011/04/24 22:05:28 | 000,000,970 | ---- | M] () -- C:\Users\pc\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/24 21:44:59 | 268,750,739 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 16:26:53 | 000,000,943 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/24 16:19:57 | 000,371,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/24 15:51:01 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/24 15:50:22 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/04/24 15:50:10 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/04/24 15:22:50 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 15:11:29 | 000,044,544 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 14:28:35 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/04/03 14:02:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/03 14:02:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/03 13:59:14 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/03 13:59:14 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/03 13:59:14 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/03 13:51:26 | 000,000,680 | ---- | M] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2011/03/30 17:41:58 | 000,009,696 | -HS- | M] () -- C:\ProgramData\j248wx46r0r6x22pq30q21lof13mh78
========== Files Created - No Company Name ==========
[2011/04/25 17:26:35 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/24 22:05:28 | 000,000,970 | ---- | C] () -- C:\Users\pc\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/24 21:44:28 | 268,750,739 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/24 15:48:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/24 15:48:53 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/24 15:22:49 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/04 14:27:58 | 001,592,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
[2011/04/04 10:30:50 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symefa.cat
[2011/04/04 10:30:50 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnetv.cat
[2011/04/04 10:30:50 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnet.cat
[2011/04/04 10:30:50 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symefa.inf
[2011/04/04 10:30:50 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnetv.inf
[2011/04/04 10:30:50 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnet.inf
[2011/04/04 10:30:49 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtspx.cat
[2011/04/04 10:30:49 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtsp.cat
[2011/04/04 10:30:49 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\iron.cat
[2011/04/04 10:30:49 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symds.cat
[2011/04/04 10:30:49 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symds.inf
[2011/04/04 10:30:49 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtspx.inf
[2011/04/04 10:30:49 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtsp.inf
[2011/04/04 10:30:49 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\iron.inf
[2011/04/04 10:30:48 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\cchpx86.cat
[2011/04/04 10:30:48 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\cchpx86.inf
[2011/04/04 10:30:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\isolate.ini
[2011/04/03 14:02:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/03 14:02:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/03 13:59:15 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/03 13:59:15 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/03 13:58:56 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/03/21 22:30:29 | 000,009,696 | -HS- | C] () -- C:\ProgramData\j248wx46r0r6x22pq30q21lof13mh78
[2011/01/09 12:42:04 | 000,163,142 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/01/09 12:42:04 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010/04/21 10:15:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/06 12:58:41 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2010/02/13 00:55:52 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/06 06:16:16 | 000,044,544 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 05:05:33 | 000,092,770 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/06 05:05:22 | 000,092,770 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/10/15 15:31:48 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2009/10/15 11:41:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,371,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,603,282 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,106,696 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2011/02/13 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Alidal
[2011/04/24 22:41:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\AVG
[2010/10/04 07:24:01 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Downloaded Installations
[2011/04/24 21:51:20 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DriverCure
[2011/03/09 10:00:37 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Ergaw
[2011/04/03 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FreeFileViewer
[2010/10/12 15:27:15 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\NCH Swift Sound
[2011/04/24 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ParetoLogic
[2011/04/03 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Qoizve
[2010/10/26 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Temp
[2010/03/06 01:57:05 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Thinstall
[2011/01/21 21:23:50 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TP
[2011/04/25 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2011/04/25 17:49:14 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011/04/25 17:48:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4