Sorry to be a bother. I ran one last OTL to check if some out-of-place-looking host files were gone, now that the virus seems to be cleaned out, but I'm still finding them in the log.

If you have a moment, can you take a look?

Thank you!

OTL logfile created on: 5/9/2011 12:42:21 PM - Run 4

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chl\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 99.22 Gb Total Space | 26.64 Gb Free Space | 26.85% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.39 Gb Free Space | 63.94% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: Chl | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 15:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe

PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\ccSvcHst.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/05/04 02:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2008/05/04 02:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2008/05/04 02:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2008/05/04 02:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2008/02/22 15:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2008/01/20 19:33:37 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

PRC - [2007/12/21 08:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe

PRC - [2007/11/12 04:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

PRC - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 11:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/03/21 11:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2011/05/09 11:24:11 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll

MOD - [2011/05/09 11:24:11 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll

MOD - [2011/05/05 15:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe

MOD - [2011/03/24 15:41:57 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\asOEHook.dll

MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.2.1\ccSvcHst.exe -- (N360)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/07/03 07:58:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 11:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/05/04 22:01:32 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/05/04 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/05/04 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/05/04 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/05/04 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)

DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2011/03/14 11:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110506.001\IDSvix86.sys -- (IDSVix86)

DRV - [2010/11/30 21:23:59 | 000,330,360 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMTDIV.SYS -- (SYMTDIv)

DRV - [2010/11/22 20:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SRTSP.SYS -- (SRTSP)

DRV - [2010/11/22 20:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2010/11/17 18:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMEFA.SYS -- (SymEFA)

DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\Ironx86.SYS -- (SymIRON)

DRV - [2010/10/20 18:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMDS.SYS -- (SymDS)

DRV - [2008/05/04 02:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/03/06 00:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/11/12 04:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/06 09:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 09:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 09:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/05/04 22:02:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/05/04 22:01:01 | 000,000,000 | ---D | M]

[2010/12/18 18:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chl\AppData\Roaming\mozilla\Extensions

[2010/12/18 18:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chl\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

O1 HOSTS File: ([2011/05/09 11:48:57 | 000,433,197 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14935 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.2.1\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 12:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/05/09 11:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011/05/09 11:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2011/05/09 10:19:06 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Local\WindowsUpdate

[2011/05/09 09:56:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/05/09 09:56:39 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/05/09 09:36:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/06 15:46:20 | 000,000,000 | ---D | C] -- C:\Users\Chl\Desktop\cstuff

[2011/05/05 17:13:07 | 000,000,000 | ---D | C] -- C:\Stuff

[2011/05/05 17:05:24 | 000,000,000 | ---D | C] -- C:\DLs

[2011/05/05 17:04:48 | 000,000,000 | ---D | C] -- C:\School

[2011/05/05 15:44:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe

[2011/05/04 22:27:30 | 000,458,096 | ---- | C] (McAfee Inc.) -- C:\Users\Chl\Desktop\MVTInstaller.exe

[2011/05/04 22:27:20 | 008,134,663 | ---- | C] (McAfee Inc.) -- C:\Users\Chl\Desktop\stinger10101546.exe

[2011/05/04 22:01:32 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011/05/04 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2011/05/04 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2011/05/04 22:01:29 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\symtdiv.sys

[2011/05/04 22:01:29 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\symnets.sys

[2011/05/04 22:01:28 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.sys

[2011/05/04 22:01:28 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.sys

[2011/05/04 22:01:28 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.sys

[2011/05/04 22:01:28 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\Ironx86.sys

[2011/05/04 22:01:28 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.sys

[2011/05/04 22:01:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360

[2011/05/04 22:01:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500020.001

[2011/05/04 22:01:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2011/05/04 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360

[2011/05/04 22:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2011/05/04 22:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2011/05/04 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2011/05/04 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2011/05/04 21:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

[2011/05/04 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2011/05/04 21:28:37 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Roaming\Malwarebytes

[2011/05/04 21:28:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/04 21:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/04 21:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/04 21:28:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/04 21:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/04/18 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Roaming\Media Player Classic

[2011/04/18 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Local\Powercinema

========== Files - Modified Within 30 Days ==========

[2011/05/09 12:33:04 | 000,000,134 | ---- | M] () -- C:\Users\Chl\Desktop\Internet Explorer Troubleshooting.url

[2011/05/09 11:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/09 11:48:57 | 000,433,197 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/05/09 11:16:35 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/09 11:16:35 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/09 11:09:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/09 11:09:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/09 11:08:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/09 11:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/09 11:08:31 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/09 09:52:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110509-114857.backup

[2011/05/09 09:22:32 | 000,000,945 | ---- | M] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk

[2011/05/09 09:22:19 | 000,000,945 | ---- | M] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/07 12:10:17 | 000,003,512 | ---- | M] () -- C:\Users\Chl\Desktop\ark.zip

[2011/05/06 17:04:02 | 000,050,477 | ---- | M] () -- C:\Users\Chl\Desktop\Defogger.exe

[2011/05/06 15:47:06 | 000,000,902 | ---- | M] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk

[2011/05/06 15:45:28 | 000,302,080 | ---- | M] () -- C:\Users\Chl\Desktop\m92hlnnp.exe

[2011/05/06 15:44:59 | 000,625,664 | ---- | M] () -- C:\Users\Chl\Desktop\dds.scr

[2011/05/06 00:32:35 | 000,000,017 | ---- | M] () -- C:\Users\Chl\Desktop\stinger10101546.opt

[2011/05/05 17:04:25 | 000,000,104 | ---- | M] () -- C:\Users\Chl\Desktop\Computer - Shortcut.lnk

[2011/05/05 15:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe

[2011/05/04 22:27:35 | 000,458,096 | ---- | M] (McAfee Inc.) -- C:\Users\Chl\Desktop\MVTInstaller.exe

[2011/05/04 22:27:20 | 008,134,663 | ---- | M] (McAfee Inc.) -- C:\Users\Chl\Desktop\stinger10101546.exe

[2011/05/04 22:02:20 | 002,076,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500020.001\Cat.DB

[2011/05/04 22:01:32 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011/05/04 22:01:32 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2011/05/04 22:01:32 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2011/05/04 22:01:30 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2011/05/04 21:47:40 | 000,000,814 | ---- | M] () -- C:\Users\Chl\Desktop\SpywareBlaster.lnk

[2011/05/04 21:28:33 | 000,000,932 | ---- | M] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/05/04 21:28:33 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/02 21:18:10 | 000,000,026 | ---- | M] () -- C:\Users\Chl\Documents\aionmemo_ 63f53d3.dat

[2011/05/01 08:30:18 | 000,000,101 | ---- | M] () -- C:\Users\Chl\Desktop\cPix.ini

[2011/04/27 09:31:06 | 000,004,324 | ---- | M] () -- C:\Users\Chl\AppData\Roaming\wklnhst.dat

[2011/04/11 14:28:50 | 000,004,518 | ---- | M] () -- C:\Users\Chl\.recently-used.xbel

========== Files Created - No Company Name ==========

[2011/05/09 09:22:32 | 000,000,945 | ---- | C] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk

[2011/05/09 09:22:19 | 000,000,945 | ---- | C] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/07 12:10:17 | 000,003,512 | ---- | C] () -- C:\Users\Chl\Desktop\ark.zip

[2011/05/06 17:04:01 | 000,050,477 | ---- | C] () -- C:\Users\Chl\Desktop\Defogger.exe

[2011/05/06 15:47:06 | 000,000,902 | ---- | C] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk

[2011/05/06 15:45:21 | 000,302,080 | ---- | C] () -- C:\Users\Chl\Desktop\m92hlnnp.exe

[2011/05/06 15:44:59 | 000,625,664 | ---- | C] () -- C:\Users\Chl\Desktop\dds.scr

[2011/05/05 17:04:25 | 000,000,104 | ---- | C] () -- C:\Users\Chl\Desktop\Computer - Shortcut.lnk

[2011/05/04 23:00:44 | 000,000,017 | ---- | C] () -- C:\Users\Chl\Desktop\stinger10101546.opt

[2011/05/04 22:17:55 | 000,000,134 | ---- | C] () -- C:\Users\Chl\Desktop\Internet Explorer Troubleshooting.url

[2011/05/04 22:01:38 | 002,076,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\Cat.DB

[2011/05/04 22:01:32 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2011/05/04 22:01:32 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2011/05/04 22:01:30 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2011/05/04 22:01:03 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\symnetv.cat

[2011/05/04 22:01:03 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\iron.cat

[2011/05/04 22:01:03 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNet.cat

[2011/05/04 22:01:03 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.cat

[2011/05/04 22:01:03 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.cat

[2011/05/04 22:01:03 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.cat

[2011/05/04 22:01:03 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.cat

[2011/05/04 22:01:03 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.inf

[2011/05/04 22:01:03 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.inf

[2011/05/04 22:01:03 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNetV.inf

[2011/05/04 22:01:03 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNet.inf

[2011/05/04 22:01:03 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.inf

[2011/05/04 22:01:03 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.inf

[2011/05/04 22:01:03 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\Iron.inf

[2011/05/04 22:01:03 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\isolate.ini

[2011/05/04 21:47:40 | 000,000,814 | ---- | C] () -- C:\Users\Chl\Desktop\SpywareBlaster.lnk

[2011/05/04 21:28:33 | 000,000,932 | ---- | C] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/05/04 21:28:33 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/11 14:28:50 | 000,004,518 | ---- | C] () -- C:\Users\Chl\.recently-used.xbel

[2010/11/16 17:08:47 | 000,002,198 | ---- | C] () -- C:\ProgramData\QuickSet.xml

[2010/07/23 07:53:58 | 000,000,680 | ---- | C] () -- C:\Users\Chl\AppData\Local\d3d9caps.dat

[2009/09/17 16:45:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/17 16:45:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/05/24 10:25:56 | 000,004,324 | ---- | C] () -- C:\Users\Chl\AppData\Roaming\wklnhst.dat

[2008/08/24 17:03:11 | 000,052,736 | ---- | C] () -- C:\Users\Chl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/19 09:46:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/03 10:26:39 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/07/03 10:26:39 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/07/03 10:26:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/07/03 10:26:39 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/07/03 10:26:39 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/07/03 10:26:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/07/03 07:49:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2008/07/03 07:49:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE

[2008/02/03 16:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 05:44:53 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 03:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 03:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/12 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\acccore

[2010/07/10 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\GetRightToGo

[2011/04/11 14:28:50 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\gtk-2.0

[2010/12/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\Sammsoft

[2009/10/06 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\Template

[2010/12/18 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\Vivox

[2011/05/09 11:07:55 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.