Still need help HiJackThis/Facebook


#1
davidmc

I completed Malware and Spyware Cleaning Guide, MBAM was clean, Norton 42 cookies removed. When I rebooted, still the same. GMER Rootkit Scanner locked up 3 times. Ran OTL and hav

OTL logfile created on: 5/23/2010 6:40:38 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Squirrel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.37 Gb Total Space | 522.15 Gb Free Space | 89.05% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.07 Gb Free Space | 51.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAMMYS
Current User Name: Squirrel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 18:38:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Squirrel\Desktop\OTL.exe
PRC - [2010/05/18 19:34:58 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/05/18 18:59:11 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2010/01/26 19:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/10/19 10:41:56 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 18:38:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Squirrel\Desktop\OTL.exe
MOD - [2010/05/14 00:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2010/05/18 19:19:13 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100523.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/18 19:19:13 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100523.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/18 19:16:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 12:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:07 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSvix86.sys -- (IDSVix86)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/08/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/29 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/01 16:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:47:56 | 000,267,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/11/01 16:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/18 19:19:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/18 19:16:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Squirrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 18:38:31 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Squirrel\Desktop\OTL.exe
[2010/05/23 17:32:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/23 17:30:25 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\CrashDumps
[2010/05/23 16:43:40 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Squirrel\Desktop\mbam-setup-1.46.exe
[2010/05/23 16:40:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/23 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/23 16:38:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Squirrel\Desktop\erunt_setup.exe
[2010/05/23 16:31:29 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Squirrel\Desktop\TFC.exe
[2010/05/23 04:02:57 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\Microsoft Games
[2010/05/23 03:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/22 12:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/22 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Malwarebytes
[2010/05/22 12:36:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/22 12:36:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/22 12:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/22 12:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/22 11:25:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/22 11:25:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/22 11:25:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/22 11:21:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2010/05/22 11:01:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/20 21:00:45 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.sys
[2010/05/20 21:00:45 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/05/20 21:00:45 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.sys
[2010/05/20 21:00:45 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/05/20 21:00:45 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/05/20 21:00:45 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/05/20 21:00:45 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/05/20 21:00:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1107000.00C
[2010/05/19 22:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/19 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/19 19:43:24 | 000,000,000 | ---D | C] -- C:\cdc94197ec1484e2bad4885cdbfb
[2010/05/19 18:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/19 18:31:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/05/19 18:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/05/19 18:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/19 18:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/05/19 18:10:44 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\InstallShield
[2010/05/19 18:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/19 18:08:09 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/19 18:07:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/05/19 18:06:42 | 004,907,008 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010/05/19 18:06:42 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/05/19 18:06:42 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/05/19 18:06:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/19 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/19 18:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/19 18:06:30 | 000,000,000 | ---D | C] -- C:\dell
[2010/05/18 22:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/05/18 22:00:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010/05/18 22:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/05/18 22:00:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010/05/18 21:07:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/18 21:07:33 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/05/18 21:07:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010/05/18 20:17:43 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/05/18 20:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/18 20:08:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/18 20:08:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/18 19:34:46 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Dell
[2010/05/18 19:34:18 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\Stardock_Corporation
[2010/05/18 19:34:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
[2010/05/18 19:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/05/18 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\PackageAware
[2010/05/18 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Google
[2010/05/18 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\Google
[2010/05/18 19:16:28 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\Documents\Symantec
[2010/05/18 19:16:07 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/05/18 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/18 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/18 19:15:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010/05/18 19:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/05/18 19:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/18 19:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/18 19:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/18 19:00:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/05/18 18:59:36 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Macromedia
[2010/05/18 18:59:35 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Adobe
[2010/05/18 18:59:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/05/18 18:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/05/18 18:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/18 18:44:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2010/05/18 18:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/18 18:43:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/18 18:24:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/05/18 18:21:31 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Searches
[2010/05/18 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Identities
[2010/05/18 18:21:21 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Contacts
[2010/05/18 18:21:21 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\VirtualStore
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\AppData\Local\Temporary Internet Files
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Templates
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Start Menu
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\SendTo
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Recent
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\PrintHood
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\NetHood
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Documents\My Videos
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Documents\My Pictures
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Documents\My Music
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\My Documents
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Local Settings
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\AppData\Local\History
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Cookies
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\Application Data
[2010/05/18 18:21:18 | 000,000,000 | -HSD | C] -- C:\Users\Squirrel\AppData\Local\Application Data
[2010/05/18 18:21:17 | 000,000,000 | --SD | C] -- C:\Users\Squirrel\AppData\Roaming\Microsoft
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Videos
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Saved Games
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Pictures
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Music
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Links
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Favorites
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Downloads
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Documents
[2010/05/18 18:21:17 | 000,000,000 | R--D | C] -- C:\Users\Squirrel\Desktop
[2010/05/18 18:21:17 | 000,000,000 | -H-D | C] -- C:\Users\Squirrel\AppData
[2010/05/18 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\Temp
[2010/05/18 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Local\Microsoft
[2010/05/18 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\Squirrel\AppData\Roaming\Media Center Programs

========== Files - Modified Within 90 Days ==========

[2010/05/23 18:41:09 | 001,833,488 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/05/23 18:40:19 | 001,310,720 | -HS- | M] () -- C:\Users\Squirrel\NTUSER.DAT
[2010/05/23 18:38:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Squirrel\Desktop\OTL.exe
[2010/05/23 18:14:42 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/23 18:14:42 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/23 18:14:42 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/23 18:11:30 | 000,001,699 | ---- | M] () -- C:\Users\Squirrel\Desktop\Notepad.lnk
[2010/05/23 18:10:20 | 000,049,168 | ---- | M] () -- C:\Users\Squirrel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/23 18:10:20 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/23 18:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/23 18:10:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 18:10:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/23 18:10:12 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/23 18:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/23 18:10:01 | 3207,794,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 18:09:22 | 000,524,288 | -HS- | M] () -- C:\Users\Squirrel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/23 18:09:22 | 000,065,536 | -HS- | M] () -- C:\Users\Squirrel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/23 18:09:20 | 000,917,043 | -H-- | M] () -- C:\Users\Squirrel\AppData\Local\IconCache.db
[2010/05/23 17:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 17:31:55 | 282,495,562 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/23 16:44:56 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 16:43:56 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Squirrel\Desktop\mbam-setup-1.46.exe
[2010/05/23 16:39:51 | 000,000,733 | ---- | M] () -- C:\Users\Squirrel\Desktop\NTREGOPT.lnk
[2010/05/23 16:39:51 | 000,000,714 | ---- | M] () -- C:\Users\Squirrel\Desktop\ERUNT.lnk
[2010/05/23 16:38:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Squirrel\Desktop\erunt_setup.exe
[2010/05/23 16:31:32 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Squirrel\Desktop\TFC.exe
[2010/05/23 03:17:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/22 21:23:36 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Squirrel.job
[2010/05/22 12:42:09 | 000,001,874 | ---- | M] () -- C:\Users\Squirrel\Desktop\HijackThis.lnk
[2010/05/21 03:17:42 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/05/19 18:38:30 | 000,016,054 | ---- | M] () -- C:\Windows\System32\results.xml
[2010/05/19 18:20:34 | 000,022,729 | ---- | M] () -- C:\newkey
[2010/05/19 18:20:34 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2010/05/18 22:00:34 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010/05/18 22:00:33 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/05/18 21:07:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/18 20:13:40 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/18 20:12:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/05/18 19:34:18 | 000,001,813 | ---- | M] () -- C:\Users\Squirrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/05/18 19:16:07 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/05/18 19:16:07 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/05/18 19:16:07 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/05/18 18:25:16 | 000,524,288 | -HS- | M] () -- C:\Users\Squirrel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/18 18:21:37 | 000,000,680 | ---- | M] () -- C:\Users\Squirrel\AppData\Local\d3d9caps.dat
[2010/05/18 18:21:18 | 000,000,020 | -HS- | M] () -- C:\Users\Squirrel\ntuser.ini
[2010/05/14 01:32:01 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/05/05 23:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/05/05 23:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/04/29 00:03:51 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.cat
[2010/04/29 00:03:51 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.inf
[2010/04/26 03:18:40 | 000,007,873 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/04/24 06:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/04/21 22:02:36 | 000,007,787 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/04/21 22:02:36 | 000,007,368 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/04/21 22:01:56 | 000,007,425 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.cat
[2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/04/21 21:29:50 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/04/21 21:29:50 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/04/21 21:29:50 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/04/21 21:29:50 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.sys
[2010/02/25 13:54:56 | 000,007,396 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010/02/22 22:09:09 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2010/05/23 18:11:30 | 000,001,699 | ---- | C] () -- C:\Users\Squirrel\Desktop\Notepad.lnk
[2010/05/23 17:39:29 | 3207,794,688 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/23 17:31:55 | 282,495,562 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/23 16:39:51 | 000,000,733 | ---- | C] () -- C:\Users\Squirrel\Desktop\NTREGOPT.lnk
[2010/05/23 16:39:51 | 000,000,714 | ---- | C] () -- C:\Users\Squirrel\Desktop\ERUNT.lnk
[2010/05/23 03:17:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/22 12:42:09 | 000,001,874 | ---- | C] () -- C:\Users\Squirrel\Desktop\HijackThis.lnk
[2010/05/22 12:36:56 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/22 12:30:10 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/22 11:10:30 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/05/22 11:10:28 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/05/22 11:10:28 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/05/22 11:10:16 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/05/22 11:10:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/22 11:10:13 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/05/22 11:09:49 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/05/22 11:09:48 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/05/22 11:09:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/22 11:09:39 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/05/22 11:09:38 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/05/22 11:09:36 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/05/21 03:17:42 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/05/21 03:17:05 | 001,833,488 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/05/20 21:00:45 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/05/20 21:00:45 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/05/20 21:00:45 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/05/20 21:00:45 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/05/20 21:00:45 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.cat
[2010/05/20 21:00:45 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.cat
[2010/05/20 21:00:45 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010/05/20 21:00:45 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/05/20 21:00:45 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/05/20 21:00:45 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.inf
[2010/05/20 21:00:45 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.inf
[2010/05/20 21:00:45 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/05/20 21:00:45 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/05/20 21:00:45 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/05/20 21:00:45 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010/05/20 21:00:45 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.inf
[2010/05/20 21:00:38 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/05/20 03:05:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/20 03:05:29 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/05/19 18:38:30 | 000,016,054 | ---- | C] () -- C:\Windows\System32\results.xml
[2010/05/19 18:31:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2010/05/19 18:31:11 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2010/05/19 18:31:10 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2010/05/19 18:31:10 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2010/05/19 18:24:14 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2010/05/19 18:22:16 | 000,002,689 | ---- | C] () -- C:\Windows\System32\e1e6032.din
[2010/05/19 18:20:34 | 000,022,729 | ---- | C] () -- C:\newkey
[2010/05/19 18:20:34 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2010/05/19 18:14:33 | 000,145,890 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty
[2010/05/19 18:10:44 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/05/19 18:07:40 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2010/05/19 03:17:31 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/05/18 22:00:35 | 000,000,480 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Squirrel.job
[2010/05/18 22:00:34 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010/05/18 22:00:33 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/05/18 21:07:35 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/05/18 21:07:33 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2010/05/18 21:07:18 | 000,000,024 | RH-- | C] () -- C:\Windows\dell_version
[2010/05/18 20:12:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/05/18 19:35:36 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/18 19:35:35 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/18 19:34:18 | 000,001,813 | ---- | C] () -- C:\Users\Squirrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/05/18 19:16:07 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/05/18 19:16:07 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/05/18 18:21:18 | 000,000,680 | ---- | C] () -- C:\Users\Squirrel\AppData\Local\d3d9caps.dat
[2010/05/18 18:21:18 | 000,000,020 | -HS- | C] () -- C:\Users\Squirrel\ntuser.ini
[2010/05/18 18:21:17 | 001,310,720 | -HS- | C] () -- C:\Users\Squirrel\NTUSER.DAT
[2010/05/18 18:21:17 | 000,524,288 | -HS- | C] () -- C:\Users\Squirrel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/18 18:21:17 | 000,524,288 | -HS- | C] () -- C:\Users\Squirrel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 18:21:17 | 000,262,144 | -H-- | C] () -- C:\Users\Squirrel\ntuser.dat.LOG1
[2010/05/18 18:21:17 | 000,065,536 | -HS- | C] () -- C:\Users\Squirrel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/18 18:21:17 | 000,000,000 | -H-- | C] () -- C:\Users\Squirrel\ntuser.dat.LOG2
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/05/23 18:09:24 | 000,011,386 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/05/18 21:07:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/23 18:10:01 | 3207,794,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 18:20:34 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2010/05/19 18:20:34 | 000,022,729 | ---- | M] () -- C:\newkey
[2010/05/23 18:10:01 | 3523,690,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/02/20 15:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 06:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 06:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 06:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 06:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 06:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/05/18 19:16:07 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/02/18 09:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/12/08 12:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2010/02/18 06:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
e a log if that will help. David