
Norton Internet Security 2010 blocking attacks



#1 tenderwarrior68


Posted 07 December 2010 - 08:30 PM

Norton Internet Security 2010 is blocking viruses from accessing computer. Laptop is XP Pro 2002 SP3.
Post was originally in Am I infected but asked me to post here after they tried to help.
Unable to successfully run DDS. Asked to run OTL and GMER and both ran OK. Logs posted.

This is a friend's laptop that she gave to me to look at as was not running right. A friend had given the laptop to her.

I backed up registry.
Temporarily installed Norton Internet Security 2010.
Ran in normal mode and removed any threats detected.
Also installed and ran Malwarebytes Anti-malware.
Ran in normal mode and removed any threats detected.
Ran programs in safe mode and removed any threats detected.
Removed quite a few infections.

Norton Internet Security 2010 was still blocking threats.
Posted in Am I Infected.
Asked to install and run SuperAntispyware Free Edition in safe mode.
Also asked to install and download TDSSKiller and removed threats detected.
Also asked to install Malwarebytes Anti-malware and run.

Norton Internet Security 2010 is still blocking threats.

OTL logfile created on: 12/6/2010 11:14:31 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\UserOne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 431.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 40.65 Gb Free Space | 72.73% Space Free | Partition Type: NTFS

Computer Name: D610 | User Name: UserOne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/06 23:12:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserOne\Desktop\OTL.exe
PRC - [2010/12/03 22:24:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/03 14:08:10 | 002,618,368 | ---- | M] () -- C:\Documents and Settings\UserOne\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/09 00:30:24 | 000,341,504 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Smileys\CSmileysIM.exe
PRC - [2008/05/02 11:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/12 15:45:49 | 000,224,888 | ---- | M] (Emsi Software GmbH) -- c:\Program Files\a-squared Free\a2service.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcqcoms.exe
PRC - [2005/10/07 15:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 17:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 00:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/12/06 23:12:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserOne\Desktop\OTL.exe
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/09 00:29:40 | 000,057,856 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Smileys\CSIMHook.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/08/07 19:06:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/05/02 11:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 11:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2007/07/12 15:45:49 | 000,224,888 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- c:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcqcoms.exe -- (dlcq_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\easytthr.sys -- (easytether)
DRV - [2010/12/02 19:16:21 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20101206.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/02 19:16:21 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/02 19:16:21 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20101206.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/02 18:52:20 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/23 03:34:08 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/22 23:47:46 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20101201.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/05 17:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/05/16 16:25:49 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/05/16 16:25:49 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/25 07:24:38 | 002,208,768 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/07/06 22:02:18 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/31 12:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/08/23 15:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80116

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 23 3C 8D 9D A9 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.myyahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.myyahoo.com"
FF - prefs.js..extensions.enabledItems: {1f11721b-cbb1-355b-d6f7-07dc0872df1c}:4.6.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2010/12/04 03:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/12/03 14:07:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/05 10:13:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/03 22:24:37 | 000,000,000 | ---D | M]

[2009/08/07 20:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Extensions
[2010/12/06 15:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\extensions
[2010/04/29 22:04:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/25 18:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 11:44:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2009/06/05 22:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\extensions\ChoiceGuard@Microsoft
[2010/04/13 11:45:44 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\searchplugins\bing-ff.xml
[2010/02/09 19:56:06 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Profiles\sbipzz3y.default\searchplugins\inbox-search.xml
[2010/12/06 15:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 19:04:17 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{1f11721b-cbb1-355b-d6f7-07dc0872df1c}
[2010/06/28 14:34:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 20:04:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003/07/16 11:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre2.dll (Conduit Ltd.)
O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\Program Files\Crawler\Shared\CShared.dll (Crawler.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKLM..\Run: [DLCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.DLL ()
O4 - HKCU..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\UserOne\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Documents and Settings\UserOne\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.254.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserOne\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/28 14:38:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 23:12:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserOne\Desktop\OTL.exe
[2010/12/06 22:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Desktop\gmer
[2010/12/06 20:30:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/06 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Application Data\Tific
[2010/12/06 20:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Local Settings\Application Data\Symantec
[2010/12/06 15:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/12/05 17:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dumps
[2010/12/05 11:23:17 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\UserOne\Desktop\tdsskiller.exe
[2010/12/05 09:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Application Data\SUPERAntiSpyware.com
[2010/12/05 09:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/05 09:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/04 21:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/04 03:15:02 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symtdiv.sys
[2010/12/04 03:15:01 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symtdi.sys
[2010/12/04 03:15:00 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.sys
[2010/12/04 03:14:59 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.sys
[2010/12/04 03:14:58 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.sys
[2010/12/04 03:14:57 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.sys
[2010/12/04 03:14:57 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\ironx86.sys
[2010/12/04 03:14:56 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.sys
[2010/12/04 03:13:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1108000.005
[2010/12/04 02:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/04 02:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/04 02:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Application Data\CBS Interactive
[2010/12/04 02:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/04 02:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/12/03 22:46:28 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/03 22:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Local Settings\Application Data\Sunbelt Software
[2010/12/03 22:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/12/03 21:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/12/03 21:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/12/03 21:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/12/03 21:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/12/03 00:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Application Data\AVG10
[2010/12/03 00:31:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/03 00:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/02 23:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/02 18:52:21 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/12/02 18:52:20 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/12/02 18:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/12/02 18:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/12/02 18:51:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/12/02 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/12/02 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/12/02 18:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/12/02 18:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/12/02 18:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/11/21 17:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserOne\Local Settings\Application Data\ConduitEngine
[2010/11/21 17:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2006/07/13 16:38:18 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqpmui.dll
[2006/07/13 16:37:04 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqserv.dll
[2006/07/13 16:32:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqcomm.dll
[2006/07/13 16:30:18 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqiesc.dll
[2006/07/13 16:28:08 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqinpa.dll
[2006/07/13 16:27:24 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqpplc.dll
[2006/07/13 16:26:42 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqcomc.dll
[2006/07/13 16:26:12 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqprox.dll
[2006/07/13 16:19:32 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqusb1.dll
[2006/07/13 16:16:42 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqlmpm.dll
[2006/07/13 16:15:54 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqhbn3.dll

========== Files - Modified Within 30 Days ==========

[2010/12/06 23:20:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AEA72E5D-8190-431D-8879-194A8F06FC0B}.job
[2010/12/06 23:12:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserOne\Desktop\OTL.exe
[2010/12/06 23:11:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/12/06 22:46:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/06 22:11:28 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/06 22:04:13 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\gmer.zip
[2010/12/06 22:01:05 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 22:00:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/06 21:31:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/06 20:16:45 | 000,436,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/06 20:16:45 | 000,068,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/06 20:11:17 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/06 20:09:55 | 000,813,078 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\Cat.DB
[2010/12/06 20:09:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/06 19:24:44 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\dds(2).scr
[2010/12/06 19:18:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\UserOne\defogger_reenable
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/06 19:03:27 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\Defogger(2).exe
[2010/12/06 13:13:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/06 13:13:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/06 13:13:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/12/06 10:49:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/12/06 09:38:03 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/12/05 17:37:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/05 11:23:23 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\UserOne\Desktop\tdsskiller.exe
[2010/12/05 11:15:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/12/05 10:04:10 | 000,016,478 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\Posted Yesterday.docx
[2010/12/05 09:52:12 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/05 09:18:14 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/04 21:10:04 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\HiJackThis.lnk
[2010/12/04 17:16:50 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/04 09:49:43 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/04 03:00:20 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/04 03:00:20 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/04 02:47:40 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\NTREGOPT.lnk
[2010/12/04 02:47:40 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\ERUNT.lnk
[2010/12/04 02:20:04 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\UserOne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/04 02:20:04 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/04 02:10:17 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\UserOne\Start Menu\Programs\Startup\CNET TechTracker.lnk
[2010/12/04 02:10:16 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\CNET TechTracker.lnk
[2010/12/04 02:00:33 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\UserOne\Desktop\SpywareBlaster.lnk
[2010/12/04 01:07:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/03 22:46:27 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/02 18:52:20 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/12/02 18:52:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/12/02 18:52:20 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/12/02 18:52:20 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/06 22:04:11 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\gmer.zip
[2010/12/06 19:24:43 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\dds(2).scr
[2010/12/06 19:18:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\UserOne\defogger_reenable
[2010/12/06 19:03:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\Defogger(2).exe
[2010/12/05 10:04:09 | 000,016,478 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\Posted Yesterday.docx
[2010/12/05 09:52:11 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/04 21:07:49 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\HiJackThis.lnk
[2010/12/04 09:48:46 | 000,813,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\Cat.DB
[2010/12/04 03:15:01 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnetv.cat
[2010/12/04 03:15:01 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnet.cat
[2010/12/04 03:15:01 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnetv.inf
[2010/12/04 03:15:01 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnet.inf
[2010/12/04 03:15:00 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.cat
[2010/12/04 03:15:00 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.inf
[2010/12/04 03:14:59 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.cat
[2010/12/04 03:14:59 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.inf
[2010/12/04 03:14:58 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.cat
[2010/12/04 03:14:58 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.inf
[2010/12/04 03:14:57 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.cat
[2010/12/04 03:14:57 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\iron.cat
[2010/12/04 03:14:57 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.inf
[2010/12/04 03:14:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\iron.inf
[2010/12/04 03:14:56 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.cat
[2010/12/04 03:14:56 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.inf
[2010/12/04 03:13:44 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\isolate.ini
[2010/12/04 02:47:40 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\NTREGOPT.lnk
[2010/12/04 02:47:40 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\ERUNT.lnk
[2010/12/04 02:20:04 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\UserOne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/04 02:10:17 | 000,001,223 | ---- | C] () -- C:\Documents and Settings\UserOne\Start Menu\Programs\Startup\CNET TechTracker.lnk
[2010/12/04 02:10:16 | 000,001,223 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\CNET TechTracker.lnk
[2010/12/04 02:00:33 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\UserOne\Desktop\SpywareBlaster.lnk
[2010/12/03 22:47:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/02 18:52:20 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/12/02 18:52:20 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/12/02 18:52:01 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/11/01 19:39:04 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\UserOne\Application Data\install
[2008/10/23 16:51:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/23 16:51:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/23 16:51:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/23 16:51:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/02 15:14:30 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\fadeafcfd5_d.dll
[2007/03/01 13:54:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2007/03/01 13:06:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/03/01 13:06:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/02/28 18:32:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/02/28 08:27:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/06 05:12:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlcqcfg.dll
[2006/08/14 16:32:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcqcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcqdrs.dll
[2006/07/12 05:36:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcqinsr.dll
[2006/07/12 05:35:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcqcur.dll
[2006/07/12 05:35:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcqjswr.dll
[2006/07/12 05:33:48 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcqinsb.dll
[2006/07/12 05:33:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcqcub.dll
[2006/07/12 05:33:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcqcu.dll
[2006/07/12 05:33:22 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcqins.dll
[2006/07/12 05:31:48 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcqutil.dll
[2006/07/12 05:27:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcqgrd.dll
[2006/07/11 17:54:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\dlcqcoin.dll
[2006/05/09 09:10:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcqcnv4.dll
[2005/06/24 01:37:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcqvs.dll

========== LOP Check ==========

[2010/12/06 20:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/08/07 19:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/03 00:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/03 00:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/06 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/13 11:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/12/03 00:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\AVG10
[2010/12/04 02:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\CBS Interactive
[2010/12/06 09:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\PriceGong
[2010/12/06 20:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\Tific
[2010/09/13 19:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserOne\Application Data\Windows Live Writer
[2010/12/06 22:46:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/04 03:00:20 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/12/06 13:13:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/12/04 17:16:50 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/12/05 17:37:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/12/06 13:13:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/05 09:18:14 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/06 13:13:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/12/04 01:07:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/12/06 19:14:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/12/06 21:31:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/12/06 23:11:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/12/06 22:11:28 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/12/04 03:00:20 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/12/04 09:49:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/12/06 10:49:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/12/05 11:15:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/12/06 23:20:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AEA72E5D-8190-431D-8879-194A8F06FC0B}.job
[2010/12/06 09:38:03 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 02:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 02:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/10/13 02:14:18 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) MD5=1ED718CA8A8B3F5AB77416A873C2BF9D -- C:\I386\AHCIX86.SYS
[2008/10/13 02:14:18 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) MD5=1ED718CA8A8B3F5AB77416A873C2BF9D -- C:\WINDOWS\Dell\ATI\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 02:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 02:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 02:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 02:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 02:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 05:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\I386\IASTOR.SYS
[2009/06/04 05:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 08:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\I386\NVGTS.SYS
[2008/01/21 08:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 02:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 02:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\ODBCINST.INI:hii

< End of report >

Thanks for any assistance you can give.

The computer mysteriously restarted while I was in the middle of the original post here. Windows Live Messenger all of a sudden has become active and able to sign in.
When I was first given this laptop to look at by a friend Windows Live Messenger worked and then all of a sudden didn't. Now it looks like it is again.
Weird.

I had removed about 12-16 different infections with A/V software before seeking help. It was very infected.

EDIT: Posts merged ~BP


Edited by Budapest, 08 December 2010 - 02:14 AM.




#2 oneof4

  • Malware Response Team

Posted 15 December 2010 - 08:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.



#3 oneof4

  • Malware Response Team

Posted 20 December 2010 - 08:41 AM

Are you still with us?

Best Regards,
oneof4.


#4 thcbytes

  • Malware Response Team

Posted 24 December 2010 - 03:27 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



