Browser Redirect Virus


#1
Inpurisnatura
I recently acquired the XP Internet Security 2012 virus. Luckily, I was able to follow the removal instructions I found online and it was removed. However, I still seem to have a browser redirect virus that I am unable to get rid of. I have used Malwarebytes, TDSSKiller and HitmanPro - all with no luck. I have Norton 360, which has been of no help, either. Previously, I could not run Malwarebytes, but using TDSSKiller fixed that.

I am pasting the OTL logs below and appreciate any help you can offer.

Thanks in advance!

OTL logfile created on: 8/1/2011 6:07:04 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 200.01 Mb Available Physical Memory | 19.55% Memory free
1.66 Gb Paging File | 1.00 Gb Available in Paging File | 60.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 26.44 Gb Free Space | 69.07% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.96 Gb Free Space | 25.80% Space Free | Partition Type: FAT32

Computer Name: BREACHED-NET | User Name: LC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
PRC - [2011/07/27 19:46:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54GSCSVC)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (EraserSvc11113)


========== Driver Services (SafeList) ==========

DRV - [2011/08/01 15:00:34 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/31 01:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110801.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/31 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/31 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110801.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/29 07:58:06 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005/09/15 12:07:38 | 000,157,824 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..keyword.URL: "http://search.intern...10101138100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.intern...10101138100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/01 15:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/08/01 15:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/27 19:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 19:46:47 | 000,000,000 | ---D | M]

[2008/08/31 02:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LC\Application Data\Mozilla\Extensions
[2011/08/01 16:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions
[2010/09/25 11:37:50 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/29 02:24:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 11:12:58 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\[email protected]
[2011/08/01 15:44:14 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\searchplugins\safesearch.xml
[2011/07/31 21:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/01 15:28:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
[2011/08/01 15:29:16 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2010/01/06 18:11:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/15 23:30:12 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\LC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/31 01:40:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 17:50:01 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LC\Desktop\aswMBR.exe
[2011/08/01 17:49:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
[2011/08/01 16:08:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/08/01 16:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/01 15:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\My Documents\Symantec
[2011/08/01 15:00:34 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/01 15:00:34 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/01 14:59:25 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011/08/01 14:59:25 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/08/01 14:59:25 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.sys
[2011/08/01 14:59:25 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/08/01 14:59:25 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/08/01 14:59:24 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/08/01 14:59:24 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011/08/01 14:59:24 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/08/01 14:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/08/01 14:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/08/01 14:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/08/01 14:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/08/01 14:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/07/31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\GameInvest
[2011/07/31 21:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Games
[2011/07/31 20:23:24 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LC\Desktop\TDSSKiller.exe
[2011/07/31 20:21:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 20:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 20:21:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Tool
[2011/07/28 16:20:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/07/28 15:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Downloads
[2011/07/28 15:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Demonoid
[2011/07/28 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/28 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Malwarebytes
[2011/07/28 12:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/28 00:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2011/07/27 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/27 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/27 19:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/24 21:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Friday's games
[2011/07/24 21:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2011/07/24 21:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/07/24 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/07/24 20:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gourmania 3 - Zoo Zoom
[2011/07/24 20:47:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Silent Evil - Kates Rescue
[2011/07/24 20:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Something Wicked - A Ghastly Glen Mystery
[2011/07/24 20:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGT-Games
[2011/07/24 20:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Crop Busters
[2011/07/24 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Games
[2011/07/24 20:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Calibre Library
[2011/07/24 20:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\calibre
[2011/07/24 20:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/07/24 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2011/07/24 20:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/07/24 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Local Settings\Application Data\uTorrent
[2011/07/24 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\uTorrent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 17:51:00 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LC\Desktop\aswMBR.exe
[2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
[2011/08/01 17:35:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2011/08/01 16:08:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/08/01 16:08:57 | 000,000,190 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2011/08/01 16:01:05 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/01 15:29:44 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/08/01 15:29:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/08/01 15:28:49 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_65621.nl_
[2011/08/01 15:28:37 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job
[2011/08/01 15:28:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 15:28:26 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 15:01:57 | 000,663,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/08/01 15:00:34 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/01 15:00:34 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/01 15:00:34 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/01 15:00:33 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/01 14:59:31 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/08/01 14:58:02 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\Norton Installation Files.lnk
[2011/07/31 22:24:11 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2011/07/31 20:21:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 19:20:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LC\Desktop\TDSSKiller.exe
[2011/07/28 15:26:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 14:42:35 | 000,015,650 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/07/28 14:42:34 | 000,015,650 | -HS- | M] () -- C:\Documents and Settings\LC\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/07/28 13:24:41 | 000,015,646 | -HS- | M] () -- C:\Documents and Settings\LC\Local Settings\Application Data\1202346271
[2011/07/28 13:24:35 | 000,015,680 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2837452202
[2011/07/28 13:24:35 | 000,015,638 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1202346271
[2011/07/28 13:24:34 | 000,015,680 | -HS- | M] () -- C:\Documents and Settings\LC\Local Settings\Application Data\2837452202
[2011/07/28 12:59:21 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 12:43:57 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/26 17:08:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 22:18:09 | 000,435,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/24 22:18:09 | 000,068,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/24 20:25:17 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/07/24 20:19:31 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/24 20:19:29 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:09:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/24 20:09:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/07/22 19:24:30 | 000,074,292 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Setup.1.2.exe
[2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 16:08:57 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2011/08/01 16:01:04 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/01 15:01:45 | 000,663,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/08/01 15:00:34 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/01 15:00:34 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/01 14:59:31 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/08/01 14:59:25 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.cat
[2011/08/01 14:58:30 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNetV.inf
[2011/08/01 14:58:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011/08/01 14:58:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.inf
[2011/08/01 14:58:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.inf
[2011/08/01 14:58:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/08/01 14:58:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/08/01 14:58:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Iron.inf
[2011/08/01 14:58:20 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/08/01 14:58:20 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/08/01 14:58:20 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.cat
[2011/08/01 14:58:20 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011/08/01 14:58:20 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/08/01 14:58:20 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/08/01 14:58:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/08/01 14:50:07 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\Norton Installation Files.lnk
[2011/07/31 22:24:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/31 20:29:26 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_65621.nl_
[2011/07/31 20:21:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 15:26:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 12:59:26 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\DTZWZG.job
[2011/07/28 12:59:21 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 12:44:51 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/07/28 01:07:39 | 000,015,646 | -HS- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\1202346271
[2011/07/28 01:07:39 | 000,015,638 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1202346271
[2011/07/28 00:58:29 | 000,015,680 | -HS- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\2837452202
[2011/07/28 00:58:29 | 000,015,680 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2837452202
[2011/07/28 00:35:46 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2011/07/28 00:35:42 | 000,015,650 | -HS- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/07/28 00:35:42 | 000,015,650 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/07/24 20:25:13 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/07/24 20:19:29 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/24 20:19:28 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:09:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/24 20:09:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/07/22 19:24:30 | 000,074,292 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\Setup.1.2.exe
[2010/09/01 00:42:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/31 06:19:00 | 000,134,116 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010/01/06 18:55:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/01/06 18:55:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/01/06 18:55:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/01/06 18:55:17 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010/01/06 18:55:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010/01/06 18:55:16 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010/01/06 18:55:16 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010/01/06 18:55:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/01/06 17:28:51 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/08/31 18:18:18 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2008/08/31 18:18:18 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2008/08/31 17:34:21 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2008/08/31 17:31:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/08/31 17:20:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/31 17:20:20 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/08/31 02:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/31 01:43:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/31 01:36:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/31 00:59:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/31 00:56:06 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,304 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/24 21:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/08/01 16:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/01 14:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/07/27 20:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/28 15:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/22 14:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
[2011/07/24 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\calibre
[2010/01/06 18:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\DAEMON Tools
[2011/07/24 21:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Friday's games
[2011/07/31 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\GameInvest
[2011/07/31 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Games
[2011/08/01 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\uTorrent
[2011/08/01 15:28:37 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\DTZWZG.job
[2011/08/01 17:35:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job
[2011/08/01 15:29:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >





OTL Extras logfile created on: 8/1/2011 6:07:04 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 200.01 Mb Available Physical Memory | 19.55% Memory free
1.66 Gb Paging File | 1.00 Gb Available in Paging File | 60.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 26.44 Gb Free Space | 69.07% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.96 Gb Free Space | 25.80% Space Free | Partition Type: FAT32

Computer Name: BREACHED-NET | User Name: LC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{157F58B7-9109-406C-B0FE-C511F06FBF2E}" = calibre
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5EA4DF76-40AA-483C-8918-9FE0ED8D36DB}" = Crop Busters
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EF1F85F1-CF00-4928-9D36-B300D3EA7011}" = Gourmania 3 - Zoo Zoom
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"C-Media Audio" = C-Media 3D Audio
"ColorPic" = ColorPic
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"N360" = Norton 360
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ OSession Events ]
Error - 2/27/2010 4:01:09 AM | Computer Name = BREACHED-NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 192046
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 5/5/2010 1:09:20 PM | Computer Name = BREACHED-NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 94239
seconds with 7920 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/26/2010 11:27:04 PM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/27/2010 12:30:14 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/27/2010 1:31:19 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/27/2010 3:19:31 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/27/2010 9:44:53 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/27/2010 11:34:13 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/27/2010 12:45:10 PM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/28/2010 1:11:05 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/28/2010 2:13:11 AM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.

Error - 8/30/2010 11:50:16 PM | Computer Name = BREACHED-NET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FLOPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1EBAE73-65D8-4E1C-BF.
The
master browser is stopping or an election is being forced.


< End of report >
  • 0
#2
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello Inpurisnatura and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Can you please do the following:


Step 1:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe" -a "%1" %*
    [2011/07/28 14:42:35 | 000,015,650 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
    [2011/07/28 14:42:34 | 000,015,650 | -HS- | M] () -- C:\Documents and Settings\LC\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
    [2011/07/28 13:24:41 | 000,015,646 | -HS- | M] () -- C:\Documents and Settings\LC\Local Settings\Application Data\1202346271
    [2011/07/28 13:24:35 | 000,015,680 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2837452202
    [2011/07/28 13:24:35 | 000,015,638 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1202346271
    [2011/07/28 13:24:34 | 000,015,680 | -HS- | M] () -- C:\Documents and Settings\LC\Local Settings\Application Data\2837452202
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe
    [2011/08/01 15:28:37 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job
    C:\Documents and Settings\All Users\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
    C:\Documents and Settings\LC\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
    C:\Documents and Settings\LC\Local Settings\Application Data\1202346271
    C:\Documents and Settings\All Users\Application Data\2837452202
    C:\Documents and Settings\All Users\Application Data\1202346271
    C:\Documents and Settings\LC\Local Settings\Application Data\2837452202
    
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

I see that you have downloaded aswMBR. If you have run it, please post the log; if not, follow these instructions:

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


Step 3:

Please remember to post:

The OTL fix log
New OTL QuickScan log
aswMBR check log

Homburg
  • 0

#4
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you so much for your response. I have been sick with strep throat and am just now back on my feet. I will follow your suggestions now and post the results as requested ASAP.

Thanks again!
  • 0

#5
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the OTL Fix Log:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467 moved successfully.
C:\Documents and Settings\LC\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467 moved successfully.
C:\Documents and Settings\LC\Local Settings\Application Data\1202346271 moved successfully.
C:\Documents and Settings\All Users\Application Data\2837452202 moved successfully.
C:\Documents and Settings\All Users\Application Data\1202346271 moved successfully.
C:\Documents and Settings\LC\Local Settings\Application Data\2837452202 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\LC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\LC\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\LC\Local Settings\Application Data\sar.exe not found.
Invalid Switch: 01 15:28:37 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job
File\Folder C:\Documents and Settings\All Users\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467 not found.
File\Folder C:\Documents and Settings\LC\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467 not found.
File\Folder C:\Documents and Settings\LC\Local Settings\Application Data\1202346271 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\2837452202 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\1202346271 not found.
File\Folder C:\Documents and Settings\LC\Local Settings\Application Data\2837452202 not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LC
->Temp folder emptied: 206042227 bytes
->Temporary Internet Files folder emptied: 3978426 bytes
->Java cache emptied: 31764888 bytes
->FireFox cache emptied: 76961068 bytes
->Flash cache emptied: 29353 bytes

User: LocalService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 200411824 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 17630 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 39498 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3175872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65346716 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1051637998 bytes

Total Files Cleaned = 1,566.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Guest

User: LC
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08062011_234544

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d4.dat not found!

Registry entries deleted on Reboot...
  • 0

#6
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the OTL Scan:

OTL logfile created on: 8/6/2011 11:56:30 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 525.38 Mb Available Physical Memory | 51.34% Memory free
1.66 Gb Paging File | 1.31 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 27.39 Gb Free Space | 71.55% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.96 Gb Free Space | 25.80% Space Free | Partition Type: FAT32

Computer Name: BREACHED-NET | User Name: LC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
PRC - [2011/08/01 15:40:28 | 000,065,536 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
PRC - [2011/07/27 19:46:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GSCSVC)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)


========== Driver Services (SafeList) ==========

DRV - [2011/08/01 15:00:34 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/31 01:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110801.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/31 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/31 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/31 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110801.020\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/29 07:58:06 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005/09/15 12:07:38 | 000,157,824 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..keyword.URL: "http://search.intern...10101138100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.intern...10101138100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/01 15:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/08/06 23:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/27 19:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 19:46:47 | 000,000,000 | ---D | M]

[2008/08/31 02:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LC\Application Data\Mozilla\Extensions
[2011/08/01 21:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions
[2010/09/25 11:37:50 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/29 02:24:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 11:12:58 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\[email protected]
[2011/08/01 21:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/06 23:51:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
[2011/08/01 15:29:16 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2010/01/06 18:11:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/15 23:30:12 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/08/06 23:45:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\LC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/31 01:40:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 23:45:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 22:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Playrix Entertainment
[2011/08/01 19:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\My Documents\Amazing Finds Data
[2011/08/01 19:51:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/08/01 17:50:01 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LC\Desktop\aswMBR.exe
[2011/08/01 17:49:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
[2011/08/01 16:08:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/08/01 16:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/01 15:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\My Documents\Symantec
[2011/08/01 15:00:34 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/01 15:00:34 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/01 14:59:25 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011/08/01 14:59:25 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/08/01 14:59:25 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.sys
[2011/08/01 14:59:25 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/08/01 14:59:25 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/08/01 14:59:24 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/08/01 14:59:24 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011/08/01 14:59:24 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/08/01 14:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/08/01 14:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/08/01 14:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/08/01 14:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/08/01 14:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/07/31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\GameInvest
[2011/07/31 21:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Games
[2011/07/31 20:23:24 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LC\Desktop\TDSSKiller.exe
[2011/07/31 20:21:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 20:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 20:21:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Tool
[2011/07/28 16:20:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/07/28 15:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Downloads
[2011/07/28 15:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Demonoid
[2011/07/28 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/28 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Malwarebytes
[2011/07/28 12:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/28 00:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2011/07/27 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/27 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/27 19:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/24 21:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Friday's games
[2011/07/24 21:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2011/07/24 21:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/07/24 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/07/24 20:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gourmania 3 - Zoo Zoom
[2011/07/24 20:47:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Silent Evil - Kates Rescue
[2011/07/24 20:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Something Wicked - A Ghastly Glen Mystery
[2011/07/24 20:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGT-Games
[2011/07/24 20:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Crop Busters
[2011/07/24 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Games
[2011/07/24 20:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Calibre Library
[2011/07/24 20:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\calibre
[2011/07/24 20:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/07/24 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2011/07/24 20:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/07/24 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Local Settings\Application Data\uTorrent
[2011/07/24 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\uTorrent

========== Files - Modified Within 30 Days ==========

[2011/08/06 23:51:47 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/08/06 23:51:45 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/08/06 23:50:59 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job
[2011/08/06 23:50:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/06 23:50:51 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 23:45:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/06 23:40:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\MBR.dat
[2011/08/06 23:35:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2011/08/06 23:31:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 17:51:00 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LC\Desktop\aswMBR.exe
[2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
[2011/08/01 16:08:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/08/01 16:01:05 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/01 15:28:49 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_65621.nl_
[2011/08/01 15:01:57 | 000,663,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/08/01 15:00:34 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/01 15:00:34 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/01 15:00:34 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/01 15:00:33 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/01 14:59:31 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/08/01 14:58:02 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\Norton Installation Files.lnk
[2011/07/31 22:24:11 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2011/07/31 20:21:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LC\Desktop\TDSSKiller.exe
[2011/07/28 15:26:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 12:59:21 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 12:43:57 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/26 17:08:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 22:18:09 | 000,435,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/24 22:18:09 | 000,068,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/24 20:25:17 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/07/24 20:19:31 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/24 20:19:29 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:09:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/24 20:09:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/07/22 19:24:30 | 000,074,292 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Setup.1.2.exe
[2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/06 23:40:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\MBR.dat
[2011/08/01 16:01:04 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/01 15:01:45 | 000,663,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/08/01 15:00:34 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/01 15:00:34 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/01 14:59:31 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/08/01 14:59:25 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.cat
[2011/08/01 14:58:30 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNetV.inf
[2011/08/01 14:58:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011/08/01 14:58:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.inf
[2011/08/01 14:58:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.inf
[2011/08/01 14:58:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/08/01 14:58:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/08/01 14:58:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Iron.inf
[2011/08/01 14:58:20 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/08/01 14:58:20 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/08/01 14:58:20 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.cat
[2011/08/01 14:58:20 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011/08/01 14:58:20 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/08/01 14:58:20 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/08/01 14:58:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/08/01 14:50:07 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\Norton Installation Files.lnk
[2011/07/31 22:24:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/31 20:29:26 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_65621.nl_
[2011/07/31 20:21:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 15:26:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 12:59:26 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\DTZWZG.job
[2011/07/28 12:59:21 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 12:44:51 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/07/28 00:35:46 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2011/07/24 20:25:13 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/07/24 20:19:29 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/24 20:19:28 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:09:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/24 20:09:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/07/22 19:24:30 | 000,074,292 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\Setup.1.2.exe
[2010/09/01 00:42:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/31 06:19:00 | 000,134,116 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010/01/06 18:55:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/01/06 18:55:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/01/06 18:55:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/01/06 18:55:17 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010/01/06 18:55:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010/01/06 18:55:16 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010/01/06 18:55:16 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010/01/06 18:55:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/01/06 17:28:51 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/08/31 18:18:18 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2008/08/31 18:18:18 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2008/08/31 17:34:21 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2008/08/31 17:31:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/08/31 17:20:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/31 17:20:20 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/08/31 02:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/31 01:43:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/31 01:36:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/31 00:59:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/31 00:56:06 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,304 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/24 21:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/08/01 16:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/01 14:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/08/02 04:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/28 15:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/22 14:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
[2011/07/24 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\calibre
[2010/01/06 18:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\DAEMON Tools
[2011/07/24 21:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Friday's games
[2011/07/31 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\GameInvest
[2011/07/31 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Games
[2011/08/01 22:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Playrix Entertainment
[2011/08/02 04:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\uTorrent
[2011/08/06 23:50:59 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\DTZWZG.job
[2011/08/06 23:35:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job
[2011/08/06 23:51:45 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D

< End of report >
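The log above contains the indicators a helper reads by eye: the IE Default_Search_URL, Default_Page_URL and Search Page values pointing at a search site with an affiliate id (aff=189); a Firefox keyword.URL that is pinned a second time in user.js, which Firefox re-reads at every start so the value comes back even after prefs.js is cleaned; a hidden+system scheduled task with a random six-letter name in C:\WINDOWS\tasks; a hidden+system file with a long random alphanumeric name under the LocalService profile; a hidden+system OpenCL1.dll with no company name in System32; and two alternate data streams on an Application Data\TEMP folder. The Python below is an added example, not part of this thread and not OTL's own code, that applies those checks mechanically to OTL-style lines. The sample lines are copied from the log above, with the URLs truncated exactly as the forum shows them; ALLOWED_HOSTS, the 16-character random-name threshold and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the OTL log earlier in this thread; the URLs are truncated exactly as the forum shows them.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..keyword.URL: "http://search.intern...10101138100&s="
FF - user.js..keyword.URL: "http://search.intern...10101138100&s="
[2011/08/06 23:50:59 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job
[2011/08/06 23:51:45 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/28 12:59:21 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 12:44:51 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
[2011/08/01 15:00:34 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
"""

# Assumed allowlist of hosts a home page or search URL is expected to point at; adjust per environment.
ALLOWED_HOSTS = ("google.com", "bing.com", "live.com", "msn.com", "microsoft.com", "yahoo.com", "mozilla.org")

# One regex per OTL line shape used here: file listing, IE Main values, Firefox prefs, alternate data streams.
FILE_RE = re.compile(r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [MC]\] "
                     r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")
IE_RE = re.compile(r"^IE - .*\\Main,(?P<name>[^=]+?) = (?P<url>\S+)$")
FF_RE = re.compile(r'^FF - (?P<file>prefs\.js|user\.js)\.\.(?P<pref>[\w.]+): "(?P<url>[^"]*)"$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{16,}$")   # assumed threshold for "looks machine-generated"


def _check_url(label: str, value: str) -> list:
    """Flag a home/search URL whose host is outside the allowlist; non-URL values (engine names) pass."""
    if not value.lower().startswith(("http://", "https://")):
        return []
    host = urlsplit(value).netloc.lower()
    if any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS):
        return []
    note = " (carries an affiliate id)" if "aff=" in value else ""
    return [f"{label} points off the allowlist{note}: {host}"]


def _check_file(attr: str, company: str, path: str) -> list:
    """Flag hidden+system files (tasks, or anything with no company name) and machine-generated names."""
    out = []
    name = path.rsplit("\\", 1)[-1]
    stem, dot, _ext = name.rpartition(".")
    if not dot:
        stem = name
    hidden_system = "H" in attr and "S" in attr and "D" not in attr   # a file, not a directory
    if hidden_system and name.lower().endswith(".job"):
        out.append(f"hidden+system scheduled task: {path}")
    elif hidden_system and not company:
        out.append(f"hidden+system file with no company name: {path}")
    if RANDOM_NAME_RE.match(stem) and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        out.append(f"random-looking file name: {path}")
    return out


def triage(log_text: str) -> list:
    """Run every check over OTL-style lines and return the findings in log order; unknown lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            findings += _check_file(m["attr"], m["company"], m["path"])
        elif m := IE_RE.match(line):
            findings += _check_url("IE " + m["name"], m["url"])
        elif m := FF_RE.match(line):
            if m["file"] == "user.js":
                findings.append(f"user.js pins {m['pref']}; it is re-applied at every Firefox start")
            findings += _check_url("Firefox " + m["pref"], m["url"])
        elif m := ADS_RE.match(line):
            findings.append(f"alternate data stream ({m['size']} bytes): {m['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Feed it a whole OTL log with triage(open("OTL.txt").read()). The allowlist check is a prompt to look, not a verdict: a legitimate third-party search engine is flagged too, and a URL that only adds parameters to an allowlisted host would pass it. The user.js finding is the one worth acting on first, because it explains why the redirect survives a prefs.js clean-up.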

#7 Inpurisnatura (Topic Starter)
Here is the aswMBR log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-07 00:05:33
-----------------------------
00:05:33.546 OS Version: Windows 5.1.2600 Service Pack 3
00:05:33.546 Number of processors: 1 586 0x401
00:05:33.546 ComputerName: BREACHED-NET UserName: LC
00:05:34.390 Initialize success
00:06:02.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:06:02.562 Disk 0 Vendor: Maxtor_2F040L0 VAM51JJ0 Size: 39205MB BusType: 3
00:06:04.593 Disk 0 MBR read successfully
00:06:04.593 Disk 0 MBR scan
00:06:04.593 Disk 0 Windows XP default MBR code
00:06:04.593 Disk 0 scanning sectors +80276805
00:06:04.687 Disk 0 scanning C:\WINDOWS\system32\drivers
00:06:15.296 Service scanning
00:06:16.328 Modules scanning
00:06:28.843 Disk 0 trace - called modules:
00:06:28.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
00:06:28.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fc9ab8]
00:06:28.890 3 CLASSPNP.SYS[f762ffd7] -> nt!IofCallDriver -> \Device\00000068[0x86f779e8]
00:06:28.890 5 ACPI.sys[f75a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f6f940]
00:06:29.218 Scan finished successfully
00:07:18.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LC\Desktop\MBR.dat"
00:07:18.234 The log file has been saved successfully to "C:\Documents and Settings\LC\Desktop\aswMBR_Aug7_1207AM.txt"
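The aswMBR log above records what a boot-sector check does: read sector 0 of the boot disk, compare the boot code with the stock loader ("Windows XP default MBR code"), walk the partition table, read the sectors beyond the partitioned area (the "scanning sectors +80276805" line), and save the raw 512 bytes as MBR.dat (the 512-byte file that appears in the OTL listing). The Python below is an added example, not aswMBR's code and not part of this thread, showing the same checks on a 512-byte MBR image: boot signature, boot-code hash against a known-good baseline, partition-table sanity, and how many unpartitioned sectors remain at the tail. The images, the stand-in boot code, the partition layout and the baseline hash are all constructed inside the script; a real baseline would be taken from a known-clean machine with the same Windows version, and the function names are my own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # the four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3xB3xII"   # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, the non-empty partition entries and a signature flag."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for idx in range(4):
        boot_flag, ptype, start_lba, size = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + idx * ENTRY_SIZE)
        if ptype == 0 and start_lba == 0 and size == 0:
            continue                                  # unused slot
        partitions.append({"index": idx, "boot_flag": boot_flag, "type": ptype,
                           "start_lba": start_lba, "sectors": size, "end_lba": start_lba + size - 1})
    return {"signature_ok": mbr[510:512] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}


def check_mbr(mbr: bytes, disk_sectors: int, baseline_sha256=None) -> list:
    """Return human-readable findings for one MBR; an empty list means nothing looked unusual."""
    info = parse_mbr(mbr)
    parts = info["partitions"]
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if baseline_sha256 and info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code hash differs from known-good baseline")
    if sum(p["boot_flag"] == 0x80 for p in parts) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_flag']:02x}")
        if p["end_lba"] >= disk_sectors:
            findings.append(f"partition {p['index']}: extends past the end of the disk")
        for q in parts:
            if p["index"] < q["index"] and p["start_lba"] <= q["end_lba"] and q["start_lba"] <= p["end_lba"]:
                findings.append(f"partitions {p['index']} and {q['index']} overlap")
    # Sectors after the last partition are where a scanner has to look as well, which is why the
    # report lists them as a finding rather than silently ignoring them.
    tail = disk_sectors - 1 - max((p["end_lba"] for p in parts), default=-1)
    if tail > 0:
        findings.append(f"{tail} unpartitioned sectors after the last partition; scan them too")
    return findings


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a synthetic MBR image (constructed test data, not the MBR.dat from this thread)."""
    if len(boot_code) > TABLE_OFFSET:
        raise ValueError("boot code does not fit in front of the partition table")
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(4 * ENTRY_SIZE, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + BOOT_SIGNATURE


# Constructed samples: a 39205 MB disk (the size in the aswMBR log) with one active NTFS partition.
DISK_SECTORS = 39205 * 2048                                          # 512-byte sectors
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 40     # stand-in bytes, not the real XP loader
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 80_000_000)])
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]                  # hash recorded from the "clean" image
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 80_000_000)])  # boot code patched

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, DISK_SECTORS, BASELINE))
```

To run it against the image aswMBR saved, use check_mbr(open("MBR.dat", "rb").read(), disk_sectors, baseline) with disk_sectors as the disk size in 512-byte sectors (39205 MB is 39205 × 2048 sectors). An unpartitioned tail is normal on most disks, so that finding is a prompt to read those sectors, not evidence of infection; a boot-code hash that differs from the baseline is the finding that needs explaining.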

#8 Homburg (Trusted Helper, Malware Removal)
Hi,

Glad you're feeling better :)

Please do the following:


Step 1:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/06 23:50:59 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job
    [2011/07/28 12:44:51 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\DTZWZG.job
    C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log.
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click the browse button next to the "Suspicious files to scan" box on the top of the page and browse to the following file path :
    • C:\WINDOWS\System32\OpenCL1.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button which is at the bottom of the page. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

If you can't find the file because it is hidden, then:
Please ensure you can view hidden files and folders by doing the following:

  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and close My Computer.
  • Now your computer is configured to show all hidden files.


Step 3:

Please remember to post:
  • The OTL fix log
  • The new OTL Quick Scan log
  • The link to the VirSCAN report

Also, are you still experiencing the redirects?

Homburg
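
The two entries Homburg pulled into the fix script above are a hidden+system .job in C:\WINDOWS\tasks and a hidden+system file with a machine-generated name under the LocalService profile; Step 2 singles out a System32 DLL with no company name for a multi-engine scan. The script below is an added example (it is not part of Homburg's post, nor a tool from OTL) that applies those same triage heuristics to OTL-format log lines: it parses the `[stamp | size | attrs | M/C] (Company) -- path` entry format, flags hidden+system plain files, anonymous executables in System32, files dropped in service-account profiles and high-entropy names, and then correlates creation timestamps so that a clean-looking file created minutes from a flagged one is surfaced too. The function names, the reason strings, the entropy threshold and the 30-minute correlation window are my assumptions; the sample lines are constructed from entry shapes quoted in this thread.

```python
"""Triage heuristics for OTL log entries (added example, not part of this thread or of OTL).

OTL prints file entries as
  [YYYY/MM/DD HH:MM:SS | size | attrs | M-or-C] (Company) -- path
where attrs has four slots, (R)eadonly (H)idden (S)ystem (D)irectory, and the
final letter says whether the stamp is the Modified or Created time. Directory
entries carry no "(Company)" part. Thresholds and the correlation window are
assumptions chosen for this example, not OTL behaviour.
"""
import math
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Where an anonymous (no company name) binary deserves attention.
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
EXECUTABLE_EXT = (".dll", ".exe", ".sys")
# No interactive user ever browses these profiles, so droppers like them.
SERVICE_PROFILES = ("\\localservice\\", "\\networkservice\\")

# Constructed sample built from entry shapes quoted in this thread.
SAMPLE_LOG = "\n".join([
    r"[2011/08/06 23:50:59 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\DTZWZG.job",
    r"[2011/07/28 12:44:51 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467",
    r"[2011/07/28 12:59:21 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\OpenCL1.dll",
    r"[2011/08/01 15:00:34 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS",
    r"[2011/08/07 19:35:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job",
    r"[2011/07/28 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun",
])


def parse_entries(text):
    """Return a dict per line that matches the OTL entry format; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["stamp"] = datetime.strptime(e["stamp"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["company"] = e["company"] or ""      # directories have no company field
        e["is_dir"] = "D" in e["attrs"]
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def shannon_entropy(s):
    """Bits per character of s; long names near the alphabet maximum look generated."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name, min_len=16, min_entropy=3.5):
    """Heuristic: long stem, mixes letters and digits, high per-character entropy."""
    stem = name.rsplit(".", 1)[0]
    mixed = any(c.isalpha() for c in stem) and any(c.isdigit() for c in stem)
    return len(stem) >= min_len and mixed and shannon_entropy(stem) >= min_entropy


def suspicious_reasons(e):
    """List of heuristic hits for one entry; an empty list means nothing notable."""
    reasons = []
    if e["is_dir"]:
        return reasons
    low = e["path"].lower()
    if "H" in e["attrs"] and "S" in e["attrs"]:
        reasons.append("hidden+system attributes on a plain file")
    if low.startswith(SYSTEM_DIRS) and not e["company"] and low.endswith(EXECUTABLE_EXT):
        reasons.append("executable in a system directory with no company name")
    if any(p in low for p in SERVICE_PROFILES):
        reasons.append("file dropped in a service-account profile")
    if looks_random(e["name"]):
        reasons.append("machine-generated-looking file name")
    return reasons


def triage(text, window=timedelta(minutes=30)):
    """Map path -> reasons for every entry worth a second look, with time correlation."""
    entries = parse_entries(text)
    report = {e["path"]: suspicious_reasons(e) for e in entries}
    report = {p: r for p, r in report.items() if r}
    # Droppers write several files in one go, so a plain-looking file created
    # within `window` of a flagged one is surfaced as well. Only Created stamps
    # are compared, and directories are skipped to cut installer noise.
    flagged = [e for e in entries if e["path"] in report and e["kind"] == "C"]
    for e in entries:
        if e["kind"] != "C" or e["is_dir"]:
            continue
        for f in flagged:
            if f is not e and abs(e["stamp"] - f["stamp"]) <= window:
                report.setdefault(e["path"], []).append(
                    "created within %s of %s" % (window, f["name"]))
    return report


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the constructed sample the script reports the .job, the LocalService file and OpenCL1.dll, and nothing for the Symantec driver, the unhidden WGASetup.job or the NetworkService\Sun directory; the two 28 July files are additionally tied together by their creation times. Paste a whole OTL log into `triage()` to get the same ranking over a real scan. These are prioritisation heuristics only: a hit is a reason to hash the file and submit it, as Step 2 does with VirSCAN, not a verdict.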

#9 Inpurisnatura (Member, Topic Starter, 12 posts)
When I ran the OTL fix this time, as described above, the computer did not restart on its own nor did it give me the option to do so. I waited 30 minutes after the program completed the fix, and I had to reboot the computer manually.

Here's the log:

All processes killed
========== OTL ==========
C:\WINDOWS\tasks\DTZWZG.job moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\tasks\DTZWZG.job not found.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Application Data\y1bey2j6x1n8n3i061280ivc5rn3p1o6c4h5e147k467 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82322 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38876441 bytes
->Flash cache emptied: 611 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Guest

User: LC
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08072011_192128

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_d4.dat moved successfully.

Registry entries deleted on Reboot...

#10 Inpurisnatura (Member, Topic Starter, 12 posts)
Here's the OTL Scan:

OTL logfile created on: 8/7/2011 7:43:20 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 529.70 Mb Available Physical Memory | 51.77% Memory free
1.66 Gb Paging File | 1.25 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 27.35 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.96 Gb Free Space | 25.80% Space Free | Partition Type: FAT32

Computer Name: BREACHED-NET | User Name: LC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
PRC - [2011/08/01 15:40:28 | 000,065,536 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
PRC - [2011/07/27 19:46:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GSCSVC)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)


========== Driver Services (SafeList) ==========

DRV - [2011/08/07 00:11:54 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110806.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/07 00:11:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110806.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/01 15:00:34 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/31 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/31 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/29 07:58:06 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110805.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005/09/15 12:07:38 | 000,157,824 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.tuxend...353e26c&aff=189
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..keyword.URL: "http://search.intern...10101138100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.intern...10101138100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/01 15:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/08/07 19:34:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/27 19:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 19:46:47 | 000,000,000 | ---D | M]

[2008/08/31 02:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LC\Application Data\Mozilla\Extensions
[2011/08/01 21:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions
[2010/09/25 11:37:50 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/29 02:24:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 11:12:58 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\53hdbwgn.default\extensions\[email protected]
[2011/08/07 00:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/07 19:34:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
[2011/08/01 15:29:16 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2010/01/06 18:11:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/15 23:30:12 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/08/06 23:45:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\LC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/31 01:40:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 23:45:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 22:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Playrix Entertainment
[2011/08/01 19:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\My Documents\Amazing Finds Data
[2011/08/01 19:51:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/08/01 17:50:01 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LC\Desktop\aswMBR.exe
[2011/08/01 17:49:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
[2011/08/01 16:08:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/08/01 16:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/01 15:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\My Documents\Symantec
[2011/08/01 15:00:34 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/01 15:00:34 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/01 14:59:25 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011/08/01 14:59:25 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/08/01 14:59:25 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.sys
[2011/08/01 14:59:25 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/08/01 14:59:25 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/08/01 14:59:24 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/08/01 14:59:24 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011/08/01 14:59:24 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/08/01 14:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/08/01 14:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/08/01 14:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/08/01 14:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/08/01 14:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/07/31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\GameInvest
[2011/07/31 21:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Games
[2011/07/31 20:23:24 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LC\Desktop\TDSSKiller.exe
[2011/07/31 20:21:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 20:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 20:21:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Tool
[2011/07/28 16:20:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/07/28 15:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Downloads
[2011/07/28 15:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Demonoid
[2011/07/28 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/28 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Malwarebytes
[2011/07/28 12:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/28 00:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2011/07/27 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/27 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/27 19:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/24 21:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\Friday's games
[2011/07/24 21:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2011/07/24 21:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/07/24 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/07/24 20:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gourmania 3 - Zoo Zoom
[2011/07/24 20:47:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Silent Evil - Kates Rescue
[2011/07/24 20:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Something Wicked - A Ghastly Glen Mystery
[2011/07/24 20:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGT-Games
[2011/07/24 20:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Crop Busters
[2011/07/24 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Desktop\Games
[2011/07/24 20:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Calibre Library
[2011/07/24 20:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\calibre
[2011/07/24 20:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/07/24 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2011/07/24 20:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/07/24 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Local Settings\Application Data\uTorrent
[2011/07/24 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\uTorrent

========== Files - Modified Within 30 Days ==========

[2011/08/07 19:35:13 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/08/07 19:35:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/08/07 19:35:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2011/08/07 19:33:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 19:33:37 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 00:07:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\MBR.dat
[2011/08/06 23:45:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/06 23:31:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 17:51:00 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LC\Desktop\aswMBR.exe
[2011/08/01 17:49:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LC\Desktop\OTL.exe
[2011/08/01 16:08:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/08/01 16:01:05 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/01 15:28:49 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_65621.nl_
[2011/08/01 15:01:57 | 000,663,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/08/01 15:00:34 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/01 15:00:34 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/01 15:00:34 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/01 15:00:33 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/01 14:59:31 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/08/01 14:58:02 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\Norton Installation Files.lnk
[2011/07/31 22:24:11 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2011/07/31 20:21:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LC\Desktop\TDSSKiller.exe
[2011/07/28 15:26:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 12:59:21 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 12:43:57 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/26 17:08:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 22:18:09 | 000,435,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/24 22:18:09 | 000,068,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/24 20:25:17 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/07/24 20:19:31 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/24 20:19:29 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:09:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/24 20:09:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/07/22 19:24:30 | 000,074,292 | ---- | M] () -- C:\Documents and Settings\LC\Application Data\Setup.1.2.exe

========== Files Created - No Company Name ==========

[2011/08/06 23:40:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\MBR.dat
[2011/08/01 16:01:04 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/01 15:01:45 | 000,663,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/08/01 15:00:34 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/01 15:00:34 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/01 14:59:31 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/08/01 14:59:25 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.cat
[2011/08/01 14:58:30 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNetV.inf
[2011/08/01 14:58:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011/08/01 14:58:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.inf
[2011/08/01 14:58:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.inf
[2011/08/01 14:58:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/08/01 14:58:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/08/01 14:58:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Iron.inf
[2011/08/01 14:58:20 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/08/01 14:58:20 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/08/01 14:58:20 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.cat
[2011/08/01 14:58:20 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011/08/01 14:58:20 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/08/01 14:58:20 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/08/01 14:58:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/08/01 14:50:07 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\Norton Installation Files.lnk
[2011/07/31 22:24:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/31 20:29:26 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_65621.nl_
[2011/07/31 20:21:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 15:26:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 12:59:21 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\OpenCL1.dll
[2011/07/28 00:35:46 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2011/07/24 20:25:13 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/07/24 20:19:29 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/24 20:19:28 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:09:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/24 20:09:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/07/22 19:24:30 | 000,074,292 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\Setup.1.2.exe
[2010/09/01 00:42:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/31 06:19:00 | 000,134,116 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010/01/06 18:55:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/01/06 18:55:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/01/06 18:55:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/01/06 18:55:17 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010/01/06 18:55:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010/01/06 18:55:16 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010/01/06 18:55:16 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010/01/06 18:55:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/01/06 17:28:51 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/08/31 18:18:18 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2008/08/31 18:18:18 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2008/08/31 17:34:21 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2008/08/31 17:31:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/08/31 17:20:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/31 17:20:20 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/08/31 02:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/31 01:43:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/31 01:36:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/31 00:59:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/31 00:56:06 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,304 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/24 21:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/08/01 16:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/01 14:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/08/07 01:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/28 15:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/22 14:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
[2011/07/24 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\calibre
[2010/01/06 18:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\DAEMON Tools
[2011/07/24 21:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Friday's games
[2011/07/31 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\GameInvest
[2011/07/31 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Games
[2011/08/01 22:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Playrix Entertainment
[2011/08/02 04:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\uTorrent
[2011/08/07 19:35:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job
[2011/08/07 19:35:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D

< End of report >
  • 0
#11
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Regarding Virscan - I cannot seem to access this website on my computer or any other computer in my home. I get a timeout error when I try to access it.

Suggestions?
  • 0

#12
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I did try a few google searches and I don't seem to have the redirect issues anymore. I am being directed to the correct websites and links that I click on.

I just cannot access the virscan website.
  • 0

#13
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

I think the Virscan site must have been down, as I couldn't get on it either. We'll do a couple of follow-up scans now; can you please do the following:


Step 1:

Can you please delete your copy of Malwarebytes and download and run a fresh copy?
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Homburg
  • 0

#14
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2011 9:52:37 PM
mbam-log-2011-08-09 (21-52-37).txt

Scan type: Quick scan
Objects scanned: 159723
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#15
Inpurisnatura

Inpurisnatura

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=764a546a2636d34da1d289274806c7b9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-10 03:11:25
# local_time=2011-08-09 11:11:25 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777213 100 84 617714 63518318 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=48134
# found=0
# cleaned=0
# scan_time=3681
  • 0