Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with nasty opx.bit app virus bad browser redirects


  • Please log in to reply

#1
Bob Jones

Bob Jones

    New Member

  • Member
  • Pip
  • 1 posts
Hi guys I was wondering if you had any useful tips on how to remove opx.bit from my computer it seems to be slowing down a lot redirecting my browsers and just ruining my computer. I have tried everything and nothing seems to work this is my last attempt before i give up. I have used TDSSKiller,Gooredfix and I have scanned my computer several times with many virus scanners any useful ideas on what to do next.some of the files are called brdgcfgwow.exe, cofiredwow.exe, KBDAZEwow.exe and WsmAutowow.exe any help would be appreciated thanks

Bob Jones




OTL logfile created on: 5/26/2011 6:35:32 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tyler\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.84% Memory free
5.99 Gb Paging File | 4.87 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 166.18 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TYLERSLAPTOP | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 06:35:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.com
PRC - [2011/05/25 18:52:56 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/05/25 18:51:21 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/05/25 17:29:11 | 000,507,392 | -HS- | M] () -- C:\Windows\KBDAZEwow.exe
PRC - [2011/05/25 16:57:34 | 000,507,392 | -HS- | M] () -- C:\Windows\brdgcfgwow.exe
PRC - [2011/05/21 11:31:44 | 000,520,704 | -HS- | M] () -- C:\Windows\nettracewow.exe
PRC - [2011/05/20 20:18:11 | 000,505,856 | -HS- | M] () -- C:\Windows\wshirdawow.exe
PRC - [2011/05/18 21:01:31 | 001,122,816 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\339.tmp
PRC - [2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\WsmAutowow.exe
PRC - [2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\wercplsupportwow.exe
PRC - [2011/05/11 07:26:46 | 000,515,072 | -HS- | M] () -- C:\Windows\wuwebvwow.exe
PRC - [2011/05/08 11:23:06 | 000,513,536 | -HS- | M] () -- C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe
PRC - [2011/05/07 15:39:15 | 000,513,536 | -HS- | M] () -- C:\Windows\uxlibwow.exe
PRC - [2011/05/07 15:10:05 | 000,513,536 | -HS- | M] () -- C:\Windows\NlsLexicons000awow.exe
PRC - [2011/05/06 08:24:01 | 000,513,536 | -HS- | M] () -- C:\Windows\wmdrmnetwow.exe
PRC - [2011/05/05 16:14:52 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\cofiredmwow.exe
PRC - [2011/05/05 07:31:47 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\KBDSLwow.exe
PRC - [2011/05/03 17:40:22 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\stobjectwow.exe
PRC - [2011/05/03 15:52:31 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\ipnathlpwow.exe
PRC - [2011/05/03 08:04:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/03 07:59:12 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-management-l1-1-0wow.exe
PRC - [2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\napipsecwow.exe
PRC - [2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\KBDWOLwow.exe
PRC - [2011/05/02 07:47:27 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe
PRC - [2011/04/29 17:58:50 | 000,174,592 | ---- | M] (opx.bit) -- C:\Users\Tyler\AppData\Roaming\SysWin\lsass.exe
PRC - [2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\Windows\System32\elslad32.exe
PRC - [2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\ProgramData\api-ms-win-security-sddl-l1-1-032.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/02/26 15:03:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/02/26 09:51:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/07/14 10:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 06:35:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.com
MOD - [2010/08/21 14:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 18:52:56 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/18 16:01:03 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) [Auto | Running] -- C:\Windows\System32\elslad32.exe -- (Fax32)
SRV - [2011/02/06 20:39:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/16 16:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010/02/26 09:51:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/07/14 10:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 16:11:33 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110525.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 16:11:33 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110525.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 15:58:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 15:58:31 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/16 05:59:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/08 23:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/03/15 04:28:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/02/06 11:01:45 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 13:31:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 14:33:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 12:32:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 11:59:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 11:59:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 09:52:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/11/21 12:04:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/12 13:44:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/10/15 13:20:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/14 09:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 07:32:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/14 07:32:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c...er/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 37 E9 56 27 DE CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 10 16 13 26 B6 7C 4F B0 C5 1A CE BE BE A4 C3 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/02/06 11:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/02/06 11:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 08:05:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 19:14:11 | 000,000,000 | ---D | M]

[2011/02/07 15:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2011/05/26 06:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vng8r1ju.default\extensions
[2011/02/13 15:28:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vng8r1ju.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/14 12:05:29 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vng8r1ju.default\extensions\[email protected]
[2011/02/23 07:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 15:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 07:13:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/06 11:02:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2011/02/06 11:10:09 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/26 06:22:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {262C21EA-B626-4F7C-B0C5-1ACEBEBEA4C3} - C:\Windows\System32\api-ms-win-core-console-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [api-ms-win-core-localregistry-l1-1-0wow.exe] C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe ()
O4 - HKLM..\Run: [api-ms-win-service-management-l1-1-0wow.exe] C:\Windows\api-ms-win-service-management-l1-1-0wow.exe (opx.bit)
O4 - HKLM..\Run: [api-ms-win-service-winsvc-l1-1-0wow.exe] C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe (opx.bit)
O4 - HKLM..\Run: [AudioSeswow.exe] File not found
O4 - HKLM..\Run: [brdgcfgwow.exe] C:\Windows\brdgcfgwow.exe ()
O4 - HKLM..\Run: [cofiredmwow.exe] C:\Windows\cofiredmwow.exe (opx.bit)
O4 - HKLM..\Run: [dhcpcorewow.exe] File not found
O4 - HKLM..\Run: [feclientwow.exe] File not found
O4 - HKLM..\Run: [gpapiwow.exe] File not found
O4 - HKLM..\Run: [htuiwow.exe] File not found
O4 - HKLM..\Run: [ieakuiwow.exe] File not found
O4 - HKLM..\Run: [ipnathlpwow.exe] C:\Windows\ipnathlpwow.exe (opx.bit)
O4 - HKLM..\Run: [KBDAZEwow.exe] C:\Windows\KBDAZEwow.exe ()
O4 - HKLM..\Run: [KBDSLwow.exe] C:\Windows\KBDSLwow.exe (opx.bit)
O4 - HKLM..\Run: [KBDWOLwow.exe] C:\Windows\KBDWOLwow.exe (opx.bit)
O4 - HKLM..\Run: [napipsecwow.exe] C:\Windows\napipsecwow.exe (opx.bit)
O4 - HKLM..\Run: [NlsLexicons000awow.exe] C:\Windows\NlsLexicons000awow.exe ()
O4 - HKLM..\Run: [RTHDBPL] C:\Users\Tyler\AppData\Roaming\SysWin\lsass.exe (opx.bit)
O4 - HKLM..\Run: [stobjectwow.exe] C:\Windows\stobjectwow.exe (opx.bit)
O4 - HKLM..\Run: [uxlibwow.exe] C:\Windows\uxlibwow.exe ()
O4 - HKLM..\Run: [wercplsupportwow.exe] C:\Windows\wercplsupportwow.exe ()
O4 - HKLM..\Run: [wmdrmnetwow.exe] C:\Windows\wmdrmnetwow.exe ()
O4 - HKLM..\Run: [wshirdawow.exe] C:\Windows\wshirdawow.exe ()
O4 - HKLM..\Run: [WsmAutowow.exe] C:\Windows\WsmAutowow.exe ()
O4 - HKLM..\Run: [wuwebvwow.exe] C:\Windows\wuwebvwow.exe ()
O4 - HKCU..\Run: [api-ms-win-core-localregistry-l1-1-0wow.exe] C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe ()
O4 - HKCU..\Run: [api-ms-win-service-management-l1-1-0wow.exe] C:\Windows\api-ms-win-service-management-l1-1-0wow.exe (opx.bit)
O4 - HKCU..\Run: [api-ms-win-service-winsvc-l1-1-0wow.exe] C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe (opx.bit)
O4 - HKCU..\Run: [AudioSeswow.exe] File not found
O4 - HKCU..\Run: [brdgcfgwow.exe] C:\Windows\brdgcfgwow.exe ()
O4 - HKCU..\Run: [cofiredmwow.exe] C:\Windows\cofiredmwow.exe (opx.bit)
O4 - HKCU..\Run: [dhcpcorewow.exe] File not found
O4 - HKCU..\Run: [feclientwow.exe] File not found
O4 - HKCU..\Run: [gpapiwow.exe] File not found
O4 - HKCU..\Run: [htuiwow.exe] File not found
O4 - HKCU..\Run: [ieakuiwow.exe] File not found
O4 - HKCU..\Run: [ipnathlpwow.exe] C:\Windows\ipnathlpwow.exe (opx.bit)
O4 - HKCU..\Run: [KBDAZEwow.exe] C:\Windows\KBDAZEwow.exe ()
O4 - HKCU..\Run: [KBDSLwow.exe] C:\Windows\KBDSLwow.exe (opx.bit)
O4 - HKCU..\Run: [KBDWOLwow.exe] C:\Windows\KBDWOLwow.exe (opx.bit)
O4 - HKCU..\Run: [mferrorwow.exe] File not found
O4 - HKCU..\Run: [napipsecwow.exe] C:\Windows\napipsecwow.exe (opx.bit)
O4 - HKCU..\Run: [nettracewow.exe] C:\Windows\nettracewow.exe ()
O4 - HKCU..\Run: [NlsLexicons000awow.exe] C:\Windows\NlsLexicons000awow.exe ()
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [stobjectwow.exe] C:\Windows\stobjectwow.exe (opx.bit)
O4 - HKCU..\Run: [uxlibwow.exe] C:\Windows\uxlibwow.exe ()
O4 - HKCU..\Run: [wercplsupportwow.exe] C:\Windows\wercplsupportwow.exe ()
O4 - HKCU..\Run: [wmdrmnetwow.exe] C:\Windows\wmdrmnetwow.exe ()
O4 - HKCU..\Run: [wshirdawow.exe] C:\Windows\wshirdawow.exe ()
O4 - HKCU..\Run: [WsmAutowow.exe] C:\Windows\WsmAutowow.exe ()
O4 - HKCU..\Run: [wuwebvwow.exe] C:\Windows\wuwebvwow.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-console-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland Software Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/11 08:37:31 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{499fff52-31ca-11e0-a0ec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{499fff52-31ca-11e0-a0ec-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FalloutLauncher.exe -- [2008/09/19 04:08:35 | 006,981,048 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 06:35:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.com
[2011/05/26 06:31:42 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tyler\Desktop\TDSSKiller.exe
[2011/05/26 06:29:27 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Desktop\GooredFix Backups
[2011/05/26 06:28:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tyler\Desktop\GooredFix.exe
[2011/05/26 06:22:17 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/26 06:21:10 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTM.exe
[2011/05/26 06:19:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/26 06:18:01 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Desktop\New folder
[2011/05/25 19:33:19 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Agics
[2011/05/22 12:30:52 | 000,252,928 | ---- | C] (KryptoDEV) -- C:\Users\Tyler\Desktop\TerrariaInvEdit.exe
[2011/05/22 10:22:31 | 000,000,000 | ---D | C] -- C:\a4cb18414c18e24d809fd04bcc
[2011/05/20 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/05/16 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\PackageAware
[2011/05/15 20:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/05/15 19:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/05/15 17:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/05/15 17:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011/05/15 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011/05/12 19:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/12 19:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/05/12 19:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/05/12 19:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/12 19:09:03 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Adobe
[2011/05/08 10:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/05 20:55:29 | 000,000,000 | ---D | C] -- C:\The Shaft
[2011/05/05 16:14:53 | 000,498,688 | -HS- | C] (opx.bit) -- C:\Windows\cofiredmwow.exe
[2011/05/05 07:31:51 | 000,498,688 | -HS- | C] (opx.bit) -- C:\Windows\KBDSLwow.exe
[2011/05/03 17:48:51 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\stobjectwow.exe
[2011/05/03 16:08:20 | 000,000,000 | ---D | C] -- C:\Duke Nukem 3D Atomic Edition
[2011/05/03 15:52:33 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\ipnathlpwow.exe
[2011/05/03 08:24:28 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\api-ms-win-service-management-l1-1-0wow.exe
[2011/05/03 07:18:36 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\KBDWOLwow.exe
[2011/05/03 07:18:30 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\napipsecwow.exe
[2011/05/02 07:59:15 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe
[2011/05/02 07:45:24 | 001,341,440 | ---- | C] (opx.bit) -- C:\ProgramData\msiexec.exe
[2011/04/29 18:04:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\686F47EC8F2E96C5EADC668ACEF43D82
[2011/04/29 18:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\895499090
[2011/04/29 18:02:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/04/29 18:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\418761130
[2011/04/29 17:58:54 | 001,341,440 | ---- | C] (opx.bit) -- C:\ProgramData\api-ms-win-security-sddl-l1-1-032.exe
[2011/04/29 17:58:54 | 000,253,440 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-console-l1-1-032.dll
[2011/04/29 17:58:52 | 000,000,000 | -HSD | C] -- C:\Users\Tyler\AppData\Roaming\SysWin
[2011/04/29 17:58:50 | 001,341,440 | ---- | C] (opx.bit) -- C:\Windows\System32\elslad32.exe
[2011/04/29 17:58:48 | 000,411,648 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-032.dll
[2011/04/28 19:23:39 | 000,000,000 | ---D | C] -- C:\penumbra black plague
[2011/04/28 13:31:12 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Documents\Penumbra
[2011/04/28 13:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[2011/04/28 12:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Interactive
[2011/04/27 10:33:58 | 000,000,000 | ---D | C] -- C:\penumbra overture

========== Files - Modified Within 30 Days ==========

[2011/05/26 06:40:06 | 000,001,265 | ---- | M] () -- C:\ProgramData\1522390449
[2011/05/26 06:35:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.com
[2011/05/26 06:33:17 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 06:33:17 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 06:32:54 | 000,000,119 | ---- | M] () -- C:\ProgramData\7a47a9ca
[2011/05/26 06:31:19 | 001,301,452 | ---- | M] () -- C:\Users\Tyler\Desktop\tdsskiller.zip
[2011/05/26 06:31:07 | 000,001,940 | ---- | M] () -- C:\Users\Tyler\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/26 06:29:00 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tyler\Desktop\GooredFix.exe
[2011/05/26 06:25:24 | 000,000,144 | -HS- | M] () -- C:\ProgramData\2056781469
[2011/05/26 06:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/26 06:24:25 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 06:22:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/26 06:21:18 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTM.exe
[2011/05/26 06:17:37 | 000,513,320 | ---- | M] () -- C:\Users\Tyler\Desktop\erunt.zip
[2011/05/25 21:13:40 | 000,706,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/25 21:13:40 | 000,142,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/25 20:46:51 | 007,242,713 | ---- | M] () -- C:\Users\Tyler\Desktop\Erectin' a River.mp3
[2011/05/25 20:42:02 | 012,909,304 | ---- | M] () -- C:\Users\Tyler\Desktop\Sidney-Samson-Riverside-Original-Mix-UhOhDisco.com_.mp3
[2011/05/25 18:09:40 | 000,609,248 | ---- | M] () -- C:\Users\Tyler\Desktop\V13_concept.jpg
[2011/05/25 17:29:11 | 000,507,392 | -HS- | M] () -- C:\Windows\KBDAZEwow.exe
[2011/05/25 16:57:34 | 000,507,392 | -HS- | M] () -- C:\Windows\brdgcfgwow.exe
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tyler\Desktop\TDSSKiller.exe
[2011/05/23 19:25:58 | 000,146,676 | ---- | M] () -- C:\Users\Tyler\Desktop\m1520296a_2010-11-23_03_873x627.jpg
[2011/05/23 08:23:29 | 000,001,044 | ---- | M] () -- C:\Users\Tyler\Desktop\Terraria - Shortcut.lnk
[2011/05/22 12:30:53 | 000,252,928 | ---- | M] (KryptoDEV) -- C:\Users\Tyler\Desktop\TerrariaInvEdit.exe
[2011/05/21 11:31:44 | 000,520,704 | -HS- | M] () -- C:\Windows\nettracewow.exe
[2011/05/20 20:18:11 | 000,505,856 | -HS- | M] () -- C:\Windows\wshirdawow.exe
[2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\WsmAutowow.exe
[2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\wercplsupportwow.exe
[2011/05/16 16:47:36 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/15 14:44:18 | 000,001,257 | ---- | M] () -- C:\Users\Tyler\Desktop\left4dead2 - Shortcut.lnk
[2011/05/13 19:41:50 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl460745743
[2011/05/11 07:26:46 | 000,515,072 | -HS- | M] () -- C:\Windows\wuwebvwow.exe
[2011/05/08 21:14:42 | 005,225,727 | ---- | M] () -- C:\ScorpionFortress.zip
[2011/05/08 11:23:06 | 000,513,536 | -HS- | M] () -- C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe
[2011/05/07 15:39:15 | 000,513,536 | -HS- | M] () -- C:\Windows\uxlibwow.exe
[2011/05/07 15:10:05 | 000,513,536 | -HS- | M] () -- C:\Windows\NlsLexicons000awow.exe
[2011/05/06 08:24:01 | 000,513,536 | -HS- | M] () -- C:\Windows\wmdrmnetwow.exe
[2011/05/05 16:14:52 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\cofiredmwow.exe
[2011/05/05 07:31:47 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\KBDSLwow.exe
[2011/05/03 17:40:22 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\stobjectwow.exe
[2011/05/03 15:52:31 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\ipnathlpwow.exe
[2011/05/03 08:23:40 | 000,684,187 | ---- | M] () -- C:\the torture game.swf
[2011/05/03 07:59:12 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-management-l1-1-0wow.exe
[2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\napipsecwow.exe
[2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\KBDWOLwow.exe
[2011/05/02 07:47:27 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe
[2011/04/29 18:02:16 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/04/29 17:58:54 | 000,253,440 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-console-l1-1-032.dll
[2011/04/29 17:58:54 | 000,000,128 | ---- | M] () -- C:\Windows\System32\1349106106
[2011/04/29 17:58:48 | 000,411,648 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-032.dll
[2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\ProgramData\msiexec.exe
[2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\Windows\System32\elslad32.exe
[2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\ProgramData\api-ms-win-security-sddl-l1-1-032.exe

========== Files Created - No Company Name ==========

[2011/05/26 06:30:48 | 001,301,452 | ---- | C] () -- C:\Users\Tyler\Desktop\tdsskiller.zip
[2011/05/26 06:17:28 | 000,513,320 | ---- | C] () -- C:\Users\Tyler\Desktop\erunt.zip
[2011/05/25 20:45:32 | 007,242,713 | ---- | C] () -- C:\Users\Tyler\Desktop\Erectin' a River.mp3
[2011/05/25 20:38:15 | 012,909,304 | ---- | C] () -- C:\Users\Tyler\Desktop\Sidney-Samson-Riverside-Original-Mix-UhOhDisco.com_.mp3
[2011/05/25 18:09:37 | 000,609,248 | ---- | C] () -- C:\Users\Tyler\Desktop\V13_concept.jpg
[2011/05/25 17:29:13 | 000,507,392 | -HS- | C] () -- C:\Windows\KBDAZEwow.exe
[2011/05/25 16:57:35 | 000,507,392 | -HS- | C] () -- C:\Windows\brdgcfgwow.exe
[2011/05/23 19:25:57 | 000,146,676 | ---- | C] () -- C:\Users\Tyler\Desktop\m1520296a_2010-11-23_03_873x627.jpg
[2011/05/21 11:34:20 | 000,001,044 | ---- | C] () -- C:\Users\Tyler\Desktop\Terraria - Shortcut.lnk
[2011/05/21 11:31:46 | 000,520,704 | -HS- | C] () -- C:\Windows\nettracewow.exe
[2011/05/20 20:18:16 | 000,505,856 | -HS- | C] () -- C:\Windows\wshirdawow.exe
[2011/05/20 19:04:44 | 000,515,584 | -HS- | C] () -- C:\Windows\WsmAutowow.exe
[2011/05/20 19:04:44 | 000,515,584 | -HS- | C] () -- C:\Windows\wercplsupportwow.exe
[2011/05/19 06:25:10 | 000,001,940 | ---- | C] () -- C:\Users\Tyler\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/15 17:30:00 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/15 14:44:18 | 000,001,257 | ---- | C] () -- C:\Users\Tyler\Desktop\left4dead2 - Shortcut.lnk
[2011/05/13 19:41:50 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl460745743
[2011/05/12 19:14:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/11 07:26:48 | 000,515,072 | -HS- | C] () -- C:\Windows\wuwebvwow.exe
[2011/05/08 21:14:37 | 005,225,727 | ---- | C] () -- C:\ScorpionFortress.zip
[2011/05/08 11:23:08 | 000,513,536 | -HS- | C] () -- C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe
[2011/05/07 15:39:22 | 000,513,536 | -HS- | C] () -- C:\Windows\uxlibwow.exe
[2011/05/07 15:10:05 | 000,513,536 | -HS- | C] () -- C:\Windows\NlsLexicons000awow.exe
[2011/05/06 17:07:07 | 000,513,536 | -HS- | C] () -- C:\Windows\wmdrmnetwow.exe
[2011/05/03 08:23:39 | 000,684,187 | ---- | C] () -- C:\the torture game.swf
[2011/05/02 18:35:12 | 000,000,119 | ---- | C] () -- C:\ProgramData\7a47a9ca
[2011/04/29 18:06:38 | 000,001,265 | ---- | C] () -- C:\ProgramData\1522390449
[2011/04/29 18:02:16 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/04/29 18:02:16 | 000,000,144 | -HS- | C] () -- C:\ProgramData\2056781469
[2011/04/29 17:58:50 | 000,000,128 | ---- | C] () -- C:\Windows\System32\1349106106
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/11 20:16:56 | 000,003,306 | ---- | C] () -- C:\Windows\System32\CONFIG.INI
[2011/02/09 15:55:59 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/02/09 15:55:13 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011/02/09 15:55:13 | 000,260,464 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/02/09 15:55:13 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/14 14:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:03:53 | 000,411,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 11:35:48 | 000,706,092 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 11:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 11:35:48 | 000,142,810 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 11:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 11:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 11:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 06:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/21 08:06:18 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\.minecraft
[2011/05/25 19:33:19 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Agics
[2011/04/24 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Audacity
[2011/05/16 16:42:18 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\FrostWire
[2011/02/10 18:43:19 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Subversion
[2011/04/29 17:58:52 | 000,000,000 | -HSD | M] -- C:\Users\Tyler\AppData\Roaming\SysWin
[2011/05/05 20:11:21 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,139 posts
  • MVP
I shouldn't take your case since I'm going on vacation tomorrow but no one else seems to want it and I like new malware.

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:Services
Fax32

:OTL
PRC - [2011/05/25 17:29:11 | 000,507,392 | -HS- | M] () -- C:\Windows\KBDAZEwow.exe
PRC - [2011/05/25 16:57:34 | 000,507,392 | -HS- | M] () -- C:\Windows\brdgcfgwow.exe
PRC - [2011/05/21 11:31:44 | 000,520,704 | -HS- | M] () -- C:\Windows\nettracewow.exe
PRC - [2011/05/20 20:18:11 | 000,505,856 | -HS- | M] () -- C:\Windows\wshirdawow.exe
PRC - [2011/05/18 21:01:31 | 001,122,816 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\339.tmp
PRC - [2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\WsmAutowow.exe
PRC - [2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\wercplsupportwow.exe
PRC - [2011/05/11 07:26:46 | 000,515,072 | -HS- | M] () -- C:\Windows\wuwebvwow.exe
PRC - [2011/05/08 11:23:06 | 000,513,536 | -HS- | M] () -- C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe
PRC - [2011/05/07 15:39:15 | 000,513,536 | -HS- | M] () -- C:\Windows\uxlibwow.exe
PRC - [2011/05/07 15:10:05 | 000,513,536 | -HS- | M] () -- C:\Windows\NlsLexicons000awow.exe
PRC - [2011/05/06 08:24:01 | 000,513,536 | -HS- | M] () -- C:\Windows\wmdrmnetwow.exe
PRC - [2011/05/05 16:14:52 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\cofiredmwow.exe
PRC - [2011/05/05 07:31:47 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\KBDSLwow.exe
PRC - [2011/05/03 17:40:22 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\stobjectwow.exe
PRC - [2011/05/03 15:52:31 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\ipnathlpwow.exe
PRC - [2011/05/03 07:59:12 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-management-l1-1-0wow.exe
PRC - [2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\napipsecwow.exe
PRC - [2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\KBDWOLwow.exe
PRC - [2011/05/02 07:47:27 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe
PRC - [2011/04/29 17:58:50 | 000,174,592 | ---- | M] (opx.bit) -- C:\Users\Tyler\AppData\Roaming\SysWin\lsass.exe
PRC - [2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\Windows\System32\elslad32.exe
PRC - [2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\ProgramData\api-ms-win-security-sddl-l1-1-032.exe
SRV - [2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) [Auto | Running] -- C:\Windows\System32\elslad32.exe -- (Fax32)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/02/13 15:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 07:13:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O2 - BHO: (no name) - {262C21EA-B626-4F7C-B0C5-1ACEBEBEA4C3} - C:\Windows\System32\api-ms-win-core-console-l1-1-032.dll (Borland Software Corporation)
O4 - HKLM..\Run: [api-ms-win-core-localregistry-l1-1-0wow.exe] C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe ()
O4 - HKLM..\Run: [api-ms-win-service-management-l1-1-0wow.exe] C:\Windows\api-ms-win-service-management-l1-1-0wow.exe (opx.bit)
O4 - HKLM..\Run: [api-ms-win-service-winsvc-l1-1-0wow.exe] C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe (opx.bit)
O4 - HKLM..\Run: [AudioSeswow.exe] File not found
O4 - HKLM..\Run: [brdgcfgwow.exe] C:\Windows\brdgcfgwow.exe ()
O4 - HKLM..\Run: [cofiredmwow.exe] C:\Windows\cofiredmwow.exe (opx.bit)
O4 - HKLM..\Run: [dhcpcorewow.exe] File not found
O4 - HKLM..\Run: [feclientwow.exe] File not found
O4 - HKLM..\Run: [gpapiwow.exe] File not found
O4 - HKLM..\Run: [htuiwow.exe] File not found
O4 - HKLM..\Run: [ieakuiwow.exe] File not found
O4 - HKLM..\Run: [ipnathlpwow.exe] C:\Windows\ipnathlpwow.exe (opx.bit)
O4 - HKLM..\Run: [KBDAZEwow.exe] C:\Windows\KBDAZEwow.exe ()
O4 - HKLM..\Run: [KBDSLwow.exe] C:\Windows\KBDSLwow.exe (opx.bit)
O4 - HKLM..\Run: [KBDWOLwow.exe] C:\Windows\KBDWOLwow.exe (opx.bit)
O4 - HKLM..\Run: [napipsecwow.exe] C:\Windows\napipsecwow.exe (opx.bit)
O4 - HKLM..\Run: [NlsLexicons000awow.exe] C:\Windows\NlsLexicons000awow.exe ()
O4 - HKLM..\Run: [RTHDBPL] C:\Users\Tyler\AppData\Roaming\SysWin\lsass.exe (opx.bit)
O4 - HKLM..\Run: [stobjectwow.exe] C:\Windows\stobjectwow.exe (opx.bit)
O4 - HKLM..\Run: [uxlibwow.exe] C:\Windows\uxlibwow.exe ()
O4 - HKLM..\Run: [wercplsupportwow.exe] C:\Windows\wercplsupportwow.exe ()
O4 - HKLM..\Run: [wmdrmnetwow.exe] C:\Windows\wmdrmnetwow.exe ()
O4 - HKLM..\Run: [wshirdawow.exe] C:\Windows\wshirdawow.exe ()
O4 - HKLM..\Run: [WsmAutowow.exe] C:\Windows\WsmAutowow.exe ()
O4 - HKLM..\Run: [wuwebvwow.exe] C:\Windows\wuwebvwow.exe ()
O4 - HKCU..\Run: [api-ms-win-core-localregistry-l1-1-0wow.exe] C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe ()
O4 - HKCU..\Run: [api-ms-win-service-management-l1-1-0wow.exe] C:\Windows\api-ms-win-service-management-l1-1-0wow.exe (opx.bit)
O4 - HKCU..\Run: [api-ms-win-service-winsvc-l1-1-0wow.exe] C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe (opx.bit)
O4 - HKCU..\Run: [AudioSeswow.exe] File not found
O4 - HKCU..\Run: [brdgcfgwow.exe] C:\Windows\brdgcfgwow.exe ()
O4 - HKCU..\Run: [cofiredmwow.exe] C:\Windows\cofiredmwow.exe (opx.bit)
O4 - HKCU..\Run: [dhcpcorewow.exe] File not found
O4 - HKCU..\Run: [feclientwow.exe] File not found
O4 - HKCU..\Run: [gpapiwow.exe] File not found
O4 - HKCU..\Run: [htuiwow.exe] File not found
O4 - HKCU..\Run: [ieakuiwow.exe] File not found
O4 - HKCU..\Run: [ipnathlpwow.exe] C:\Windows\ipnathlpwow.exe (opx.bit)
O4 - HKCU..\Run: [KBDAZEwow.exe] C:\Windows\KBDAZEwow.exe ()
O4 - HKCU..\Run: [KBDSLwow.exe] C:\Windows\KBDSLwow.exe (opx.bit)
O4 - HKCU..\Run: [KBDWOLwow.exe] C:\Windows\KBDWOLwow.exe (opx.bit)
O4 - HKCU..\Run: [mferrorwow.exe] File not found
O4 - HKCU..\Run: [napipsecwow.exe] C:\Windows\napipsecwow.exe (opx.bit)
O4 - HKCU..\Run: [nettracewow.exe] C:\Windows\nettracewow.exe ()
O4 - HKCU..\Run: [NlsLexicons000awow.exe] C:\Windows\NlsLexicons000awow.exe ()
O4 - HKCU..\Run: [stobjectwow.exe] C:\Windows\stobjectwow.exe (opx.bit)
O4 - HKCU..\Run: [uxlibwow.exe] C:\Windows\uxlibwow.exe ()
O4 - HKCU..\Run: [wercplsupportwow.exe] C:\Windows\wercplsupportwow.exe ()
O4 - HKCU..\Run: [wmdrmnetwow.exe] C:\Windows\wmdrmnetwow.exe ()
O4 - HKCU..\Run: [wshirdawow.exe] C:\Windows\wshirdawow.exe ()
O4 - HKCU..\Run: [WsmAutowow.exe] C:\Windows\WsmAutowow.exe ()
O4 - HKCU..\Run: [wuwebvwow.exe] C:\Windows\wuwebvwow.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-console-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland Software Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2011/05/25 17:29:13 | 000,507,392 | -HS- | C] () -- C:\Windows\KBDAZEwow.exe
[2011/05/25 16:57:35 | 000,507,392 | -HS- | C] () -- C:\Windows\brdgcfgwow.exe
[2011/05/21 11:31:46 | 000,520,704 | -HS- | C] () -- C:\Windows\nettracewow.exe
[2011/05/20 20:18:16 | 000,505,856 | -HS- | C] () -- C:\Windows\wshirdawow.exe
[2011/05/20 19:04:44 | 000,515,584 | -HS- | C] () -- C:\Windows\WsmAutowow.exe
[2011/05/20 19:04:44 | 000,515,584 | -HS- | C] () -- C:\Windows\wercplsupportwow.exe
[2011/05/19 06:25:10 | 000,001,940 | ---- | C] () -- C:\Users\Tyler\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/13 19:41:50 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl460745743
[2011/05/11 07:26:48 | 000,515,072 | -HS- | C] () -- C:\Windows\wuwebvwow.exe
[2011/05/08 11:23:08 | 000,513,536 | -HS- | C] () -- C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe
[2011/05/07 15:39:22 | 000,513,536 | -HS- | C] () -- C:\Windows\uxlibwow.exe
[2011/05/07 15:10:05 | 000,513,536 | -HS- | C] () -- C:\Windows\NlsLexicons000awow.exe
[2011/05/06 17:07:07 | 000,513,536 | -HS- | C] () -- C:\Windows\wmdrmnetwow.exe
[2011/05/03 08:23:39 | 000,684,187 | ---- | C] () -- C:\the torture game.swf
[2011/05/02 18:35:12 | 000,000,119 | ---- | C] () -- C:\ProgramData\7a47a9ca
[2011/04/29 18:06:38 | 000,001,265 | ---- | C] () -- C:\ProgramData\1522390449
[2011/04/29 18:02:16 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/04/29 18:02:16 | 000,000,144 | -HS- | C] () -- C:\ProgramData\2056781469
[2011/04/29 17:58:50 | 000,000,128 | ---- | C] () -- C:\Windows\System32\1349106106
[2011/05/26 06:40:06 | 000,001,265 | ---- | M] () -- C:\ProgramData\1522390449
[2011/05/26 06:32:54 | 000,000,119 | ---- | M] () -- C:\ProgramData\7a47a9ca
[2011/05/26 06:31:07 | 000,001,940 | ---- | M] () -- C:\Users\Tyler\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/26 06:25:24 | 000,000,144 | -HS- | M] () -- C:\ProgramData\2056781469
[2011/05/25 17:29:11 | 000,507,392 | -HS- | M] () -- C:\Windows\KBDAZEwow.exe
[2011/05/25 16:57:34 | 000,507,392 | -HS- | M] () -- C:\Windows\brdgcfgwow.exe
[2011/05/21 11:31:44 | 000,520,704 | -HS- | M] () -- C:\Windows\nettracewow.exe
[2011/05/20 20:18:11 | 000,505,856 | -HS- | M] () -- C:\Windows\wshirdawow.exe
[2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\WsmAutowow.exe
[2011/05/17 16:49:34 | 000,515,584 | -HS- | M] () -- C:\Windows\wercplsupportwow.exe
[2011/05/13 19:41:50 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl460745743
[2011/05/11 07:26:46 | 000,515,072 | -HS- | M] () -- C:\Windows\wuwebvwow.exe
[2011/05/08 21:14:42 | 005,225,727 | ---- | M] () -- C:\ScorpionFortress.zip
[2011/05/08 11:23:06 | 000,513,536 | -HS- | M] () -- C:\Windows\api-ms-win-core-localregistry-l1-1-0wow.exe
[2011/05/07 15:39:15 | 000,513,536 | -HS- | M] () -- C:\Windows\uxlibwow.exe
[2011/05/07 15:10:05 | 000,513,536 | -HS- | M] () -- C:\Windows\NlsLexicons000awow.exe
[2011/05/06 08:24:01 | 000,513,536 | -HS- | M] () -- C:\Windows\wmdrmnetwow.exe
[2011/05/05 16:14:52 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\cofiredmwow.exe
[2011/05/05 07:31:47 | 000,498,688 | -HS- | M] (opx.bit) -- C:\Windows\KBDSLwow.exe
[2011/05/03 17:40:22 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\stobjectwow.exe
[2011/05/03 15:52:31 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\ipnathlpwow.exe
[2011/05/03 08:23:40 | 000,684,187 | ---- | M] () -- C:\the torture game.swf
[2011/05/03 07:59:12 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-management-l1-1-0wow.exe
[2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\napipsecwow.exe
[2011/05/02 08:15:43 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\KBDWOLwow.exe
[2011/05/02 07:47:27 | 000,497,152 | -HS- | M] (opx.bit) -- C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe
[2011/04/29 18:02:16 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/04/29 17:58:54 | 000,253,440 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-console-l1-1-032.dll
[2011/04/29 17:58:54 | 000,000,128 | ---- | M] () -- C:\Windows\System32\1349106106
[2011/04/29 17:58:48 | 000,411,648 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-032.dll
[2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\ProgramData\msiexec.exe
[2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\Windows\System32\elslad32.exe
[2011/04/29 17:57:08 | 001,341,440 | ---- | M] (opx.bit) -- C:\ProgramData\api-ms-win-security-sddl-l1-1-032.exe
[2011/05/05 16:14:53 | 000,498,688 | -HS- | C] (opx.bit) -- C:\Windows\cofiredmwow.exe
[2011/05/05 07:31:51 | 000,498,688 | -HS- | C] (opx.bit) -- C:\Windows\KBDSLwow.exe
[2011/05/03 17:48:51 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\stobjectwow.exe
[2011/05/03 15:52:33 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\ipnathlpwow.exe
[2011/05/03 08:24:28 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\api-ms-win-service-management-l1-1-0wow.exe
[2011/05/03 07:18:36 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\KBDWOLwow.exe
[2011/05/03 07:18:30 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\napipsecwow.exe
[2011/05/02 07:59:15 | 000,497,152 | -HS- | C] (opx.bit) -- C:\Windows\api-ms-win-service-winsvc-l1-1-0wow.exe
[2011/05/02 07:45:24 | 001,341,440 | ---- | C] (opx.bit) -- C:\ProgramData\msiexec.exe
[2011/04/29 18:04:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\686F47EC8F2E96C5EADC668ACEF43D82
[2011/04/29 18:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\895499090
[2011/04/29 18:02:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/04/29 18:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\418761130
[2011/04/29 17:58:54 | 001,341,440 | ---- | C] (opx.bit) -- C:\ProgramData\api-ms-win-security-sddl-l1-1-032.exe
[2011/04/29 17:58:54 | 000,253,440 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-console-l1-1-032.dll
[2011/04/29 17:58:52 | 000,000,000 | -HSD | C] -- C:\Users\Tyler\AppData\Roaming\SysWin
[2011/04/29 17:58:50 | 001,341,440 | ---- | C] (opx.bit) -- C:\Windows\System32\elslad32.exe
[2011/04/29 17:58:48 | 000,411,648 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-032.dll

:files
C:\Users\Tyler\AppData\Roaming\SysWin
C:\ProgramData\686F47EC8F2E96C5EADC668ACEF43D82
C:\ProgramData\895499090
C:\ProgramData\SysWoW32
C:\ProgramData\418761130

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).



Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Install the free Avast. Download and Save the install file to your desktop:

http://www.avast.com...ivirus-download

Uninstall Symantec and run the removal tools:
http://us.norton.com...3834EN&ln=en_US
IF this is a paid for version and not a trial follow their instructions to save the license key so you can reinstall it when we are done.

Right click on the avast install file and Run As Administrator

Once you have it installed and it has updated:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Open OTL again (Right click and Run As Admin) and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Are you still getting redirected?
Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP