Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System infected: Tidserv Activity/ Tidserv Activity 2


  • Please log in to reply

#1
choongbear

choongbear

    New Member

  • Member
  • Pip
  • 3 posts
Hello,

My Norton anivirus keeps popping up with notifications of attacks to my computer from two sources -1) rollangarr0s.com and 2)f0rtuneroli.com. Norton has identified the name of the virus as Tidserv activity.

notifications generally occur after I make a search on the internet. It is undetectable to my antivirus scans and has failed to have been removed despite using a number of registry cleaners. I dont have a clue what to do!!

Any help would be much appreciated.

Thanks

Choongbear

This is my quick scan OTL log

OTL logfile created on: 25/04/2011 18:50:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.35 Gb Total Space | 219.53 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive D: | 7.74 Gb Total Space | 1.52 Gb Free Space | 19.69% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 18:48:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Downloads\OTL.exe
PRC - [2010/10/18 15:19:50 | 000,457,728 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/10/07 15:33:32 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/20 20:24:40 | 000,377,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\mcui32.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/02/06 04:21:28 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 15:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/01/19 08:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 18:48:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Downloads\OTL.exe
MOD - [2010/09/20 20:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2009/07/12 08:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 08:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/01/19 08:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/18 15:19:50 | 000,457,728 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2008/08/26 15:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/15 21:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/03 14:23:52 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110425.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/03 14:23:52 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110425.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/03 14:23:51 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/03 14:23:51 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/03 13:59:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 02:34:54 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110421.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/07/28 13:32:26 | 000,020,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/06 05:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 21:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 21:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 01:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/24 05:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/23 12:25:52 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/29 16:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/06 17:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/20 20:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/04/04 10:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2011/04/04 10:19:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e930db2-2911-11df-8a92-002186d4182f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e930db2-2911-11df-8a92-002186d4182f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{77d0ac03-12b6-11df-8d28-002186d4182f}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/24 22:06:06 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\AVG
[2011/04/24 22:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/24 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/24 21:51:20 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\DriverCure
[2011/04/24 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\ParetoLogic
[2011/04/24 21:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/04/24 21:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/24 21:44:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/24 16:12:27 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/04/24 15:52:17 | 000,000,000 | ---D | C] -- C:\cf2bd919249af9149d154c5cfb265d0c
[2011/04/24 15:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/24 15:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/24 15:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/24 15:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 15:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/24 15:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/24 14:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/24 13:44:40 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/04/04 10:30:50 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\symtdiv.sys
[2011/04/04 10:30:50 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\symefa.sys
[2011/04/04 10:30:49 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\symds.sys
[2011/04/04 10:30:49 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\srtsp.sys
[2011/04/04 10:30:49 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\ironx86.sys
[2011/04/04 10:30:49 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\srtspx.sys
[2011/04/04 10:30:48 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1108000.005\cchpx86.sys
[2011/04/04 10:30:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1108000.005
[2011/04/03 13:59:15 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/03 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/03 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/03 13:58:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/04/03 13:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/04/03 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/04/03 13:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/03 13:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/03 11:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

========== Files - Modified Within 30 Days ==========

[2011/04/25 18:48:39 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 18:48:39 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 17:54:09 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 17:54:09 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 17:49:14 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2011/04/25 17:27:23 | 000,092,770 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/25 17:27:22 | 000,092,770 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/25 17:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/25 17:26:35 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 17:16:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/25 10:46:15 | 001,592,450 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
[2011/04/24 22:05:28 | 000,000,970 | ---- | M] () -- C:\Users\pc\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/24 21:44:59 | 268,750,739 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 16:26:53 | 000,000,943 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/24 16:19:57 | 000,371,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/24 15:51:01 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/24 15:50:22 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/04/24 15:50:10 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/04/24 15:22:50 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 15:11:29 | 000,044,544 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 14:28:35 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/04/03 14:02:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/03 14:02:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/03 13:59:14 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/03 13:59:14 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/03 13:59:14 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/03 13:51:26 | 000,000,680 | ---- | M] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2011/03/30 17:41:58 | 000,009,696 | -HS- | M] () -- C:\ProgramData\j248wx46r0r6x22pq30q21lof13mh78

========== Files Created - No Company Name ==========

[2011/04/25 17:26:35 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/24 22:05:28 | 000,000,970 | ---- | C] () -- C:\Users\pc\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/24 21:44:28 | 268,750,739 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/24 15:48:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/24 15:48:53 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/24 15:22:49 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/04 14:27:58 | 001,592,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
[2011/04/04 10:30:50 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symefa.cat
[2011/04/04 10:30:50 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnetv.cat
[2011/04/04 10:30:50 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnet.cat
[2011/04/04 10:30:50 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symefa.inf
[2011/04/04 10:30:50 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnetv.inf
[2011/04/04 10:30:50 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symnet.inf
[2011/04/04 10:30:49 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtspx.cat
[2011/04/04 10:30:49 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtsp.cat
[2011/04/04 10:30:49 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\iron.cat
[2011/04/04 10:30:49 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symds.cat
[2011/04/04 10:30:49 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\symds.inf
[2011/04/04 10:30:49 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtspx.inf
[2011/04/04 10:30:49 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\srtsp.inf
[2011/04/04 10:30:49 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\iron.inf
[2011/04/04 10:30:48 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\cchpx86.cat
[2011/04/04 10:30:48 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\cchpx86.inf
[2011/04/04 10:30:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\isolate.ini
[2011/04/03 14:02:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/03 14:02:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/03 13:59:15 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/03 13:59:15 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/03 13:58:56 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/03/21 22:30:29 | 000,009,696 | -HS- | C] () -- C:\ProgramData\j248wx46r0r6x22pq30q21lof13mh78
[2011/01/09 12:42:04 | 000,163,142 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/01/09 12:42:04 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010/04/21 10:15:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/06 12:58:41 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2010/02/13 00:55:52 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/06 06:16:16 | 000,044,544 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 05:05:33 | 000,092,770 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/06 05:05:22 | 000,092,770 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/10/15 15:31:48 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2009/10/15 11:41:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,371,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,603,282 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,106,696 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/02/13 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Alidal
[2011/04/24 22:41:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\AVG
[2010/10/04 07:24:01 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Downloaded Installations
[2011/04/24 21:51:20 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DriverCure
[2011/03/09 10:00:37 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Ergaw
[2011/04/03 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FreeFileViewer
[2010/10/12 15:27:15 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\NCH Swift Sound
[2011/04/24 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ParetoLogic
[2011/04/03 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Qoizve
[2010/10/26 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Temp
[2010/03/06 01:57:05 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Thinstall
[2011/01/21 21:23:50 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TP
[2011/04/25 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2011/04/25 17:49:14 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011/04/25 17:48:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP