Google Redirect. Help me Geek Gods I'm a spaz!


  • This topic is locked

#1
SandyStone

  • Member
  • 69 posts
If you could sort out this mess I would be so grateful. First virus ever! Anyway, Norton tells me that my 256MB memory is inoperable. Norton says it will not start. I don't know if this is related or what. I ran tdsskiller with no results. :) I am not savvy with these things. Thank you in advance.


OTL logfile created on: 5/8/2011 12:28:37 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mary Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 152.87 Gb Free Space | 66.53% Space Free | Partition Type: NTFS

Computer Name: SANDRA | User Name: Mary Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
PRC - [2011/05/05 02:48:16 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\asOEHook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 11:57:45 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110507.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/06 11:57:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/06 11:57:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/06 11:57:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110507.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 13:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/12/01 00:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 23:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 21:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...m/?s=0&chnl=irn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.youtube.com/user/eggsandham [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherof...8_metric_e.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D5 36 94 72 A1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.644.0\firefox\extensions [2011/01/12 18:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45} [2011/04/22 15:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/05 02:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/05/06 11:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/06 11:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 15:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 15:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Extensions
[2011/05/05 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\extensions
[2011/05/05 15:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/05 02:48:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011/04/22 15:46:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
[2011/01/12 18:48:39 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.644.0\FIREFOX\EXTENSIONS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Mary Smith\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: viyom = rundll32 "C:\WINDOWS\system32\substi.dll",JHZXMBTZCA
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 00:10:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:00:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 21:04:02 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/05/06 14:07:48 | 000,443,904 | ---- | C] (InstallCore© Technologies ) -- C:\Program Files\VideoToMp3Setup.exe
[2011/05/06 11:47:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:20 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011/05/06 11:47:20 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys
[2011/05/06 11:47:20 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys
[2011/05/06 11:47:20 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys
[2011/05/06 11:47:19 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys
[2011/05/06 11:47:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys
[2011/05/06 11:47:19 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011/05/06 11:47:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys
[2011/05/06 11:47:13 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/05/06 11:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Mozilla
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla
[2011/05/05 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/05 15:29:22 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 12:52:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/05 02:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/05 02:48:44 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/05 02:48:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/05 02:48:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/05 02:48:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/05 01:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\vlc
[2011/05/05 01:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/05 00:57:11 | 009,519,088 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/05 00:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/04 23:12:49 | 000,235,168 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary Smith\Desktop\uninstall_flash_player.exe
[2011/05/03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVIAddXSub
[2011/04/30 01:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/04/30 01:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft Corporation
[2011/04/22 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
[2011/01/14 19:48:15 | 006,909,232 | ---- | C] ( ) -- C:\Program Files\Real_Alternative_202.exe
[2011/01/09 11:58:36 | 004,966,432 | ---- | C] (CheeseSoft Inc. ) -- C:\Program Files\registryeasy_lite.exe
[2010/12/21 19:57:35 | 017,063,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8_IEAK_XP32.exe
[2010/12/10 21:23:29 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/11/27 18:31:36 | 034,452,784 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/11/26 21:01:11 | 025,825,936 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/08/18 20:05:34 | 004,451,992 | ---- | C] (MTS Allstream ) -- C:\Program Files\setup-client.exe
[2007/04/05 21:21:36 | 013,667,376 | ---- | C] ( ) -- C:\Program Files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 00:31:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/08 00:27:32 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 00:27:32 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:42:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/07 23:00:50 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 18:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 18:44:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/07 18:44:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 18:43:46 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 17:10:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Edokisovuniwul.dat
[2011/05/07 17:10:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dfucijukijadux.bin
[2011/05/07 00:56:25 | 002,754,881 | ---- | M] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/07 00:18:32 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
[2011/05/06 14:08:08 | 000,443,904 | ---- | M] (InstallCore© Technologies ) -- C:\Program Files\VideoToMp3Setup.exe
[2011/05/06 13:10:40 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 13:03:31 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 11:50:38 | 000,718,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:30 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/05 20:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 15:30:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 15:29:33 | 012,521,992 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 10:11:15 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 02:48:44 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/05 02:48:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/05 02:48:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/05 02:48:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:47:10 | 025,825,936 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2011/05/05 01:25:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:59 | 020,533,281 | ---- | M] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/05 00:57:35 | 009,519,088 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/04 23:12:50 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary Smith\Desktop\uninstall_flash_player.exe
[2011/05/03 23:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 01:36:32 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 00:12:23 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/25 19:55:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/22 13:35:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\owacazuw.dll
[2011/04/22 01:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ofaraxif.dll
[2011/04/21 23:01:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukiqalux.dll
[2011/04/21 20:29:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewigiravu.dll
[2011/04/21 18:09:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imutevigulus.dll
[2011/04/21 14:59:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okoneter.dll
[2011/04/21 12:22:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ogezoxufapifov.dll
[2011/04/21 01:06:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\agikudeg.dll
[2011/04/20 22:49:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukorulip.dll
[2011/04/20 20:45:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\akohokonipucovot.dll
[2011/04/20 18:43:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ufohucopojehu.dll
[2011/04/20 14:45:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ozoqaluxocacir.dll
[2011/04/20 10:55:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atukidupa.dll
[2011/04/19 23:59:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uratazalebinurif.dll
[2011/04/19 20:55:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eyopisozoqocefuw.dll
[2011/04/19 18:52:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\izuhigaf.dll
[2011/04/19 14:30:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oyiviyiyimevoco.dll
[2011/04/19 10:59:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\abamogoyineba.dll
[2011/04/18 21:23:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\egoqokaq.dll
[2011/04/18 19:21:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejiqutunag.dll
[2011/04/18 16:55:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\onilotef.dll
[2011/04/18 14:54:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\udamagabobituyi.dll
[2011/04/18 11:43:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxevoyoh.dll
[2011/04/17 21:15:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imiwareheguri.dll
[2011/04/17 14:11:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\awamigobabamisa.dll
[2011/04/17 00:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\axajugab.dll
[2011/04/16 20:37:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\odoqinicim.dll
[2011/04/16 18:02:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ileligiz.dll
[2011/04/16 15:50:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewehamirolu.dll
[2011/04/16 00:09:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uwetoyaq.dll
[2011/04/15 20:20:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ujifecuficawaju.dll
[2011/04/15 17:28:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\icajoher.dll
[2011/04/15 17:06:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/15 17:06:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 17:06:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 13:58:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ademuqobo.dll
[2011/04/15 13:57:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/04/15 13:54:16 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 13:40:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 19:58:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxukowomaq.dll
[2011/04/14 17:27:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\aqotoxolib.dll
[2011/04/14 13:44:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\igezivan.dll
[2011/04/14 09:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\epugerec.dll
[2011/04/13 23:27:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\osodisuv.dll
[2011/04/13 19:26:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejayodegexino.dll
[2011/04/13 16:47:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\usolazahixuso.dll
[2011/04/13 13:42:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eluhawagurin.dll
[2011/04/13 13:11:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\edotabivepasuyax.dll
[2011/04/12 23:44:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\afegorey.dll
[2011/04/12 21:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\acodugug.dll
[2011/04/12 19:39:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ijoduzub.dll
[2011/04/12 15:04:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ugicehez.dll
[2011/04/12 10:52:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atemenesanuzeh.dll
[2011/04/09 14:40:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okijuxug.dll
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 00:56:25 | 002,754,881 | ---- | C] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:03:31 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 12:58:03 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 11:50:04 | 000,718,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/06 11:46:54 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011/05/06 11:46:54 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf
[2011/05/06 11:46:54 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf
[2011/05/06 11:46:54 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf
[2011/05/06 11:46:54 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf
[2011/05/06 11:46:54 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf
[2011/05/06 11:46:54 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf
[2011/05/06 11:46:28 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat
[2011/05/06 11:46:28 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat
[2011/05/06 11:46:28 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat
[2011/05/06 11:46:28 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011/05/06 11:46:28 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat
[2011/05/06 11:46:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini
[2011/05/05 15:30:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 01:25:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:45 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 19:35:37 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/03 19:35:21 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 00:12:23 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/22 13:35:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owacazuw.dll
[2011/04/22 01:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaraxif.dll
[2011/04/21 23:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukiqalux.dll
[2011/04/21 20:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewigiravu.dll
[2011/04/21 18:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imutevigulus.dll
[2011/04/21 14:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okoneter.dll
[2011/04/21 12:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezoxufapifov.dll
[2011/04/21 01:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agikudeg.dll
[2011/04/20 22:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukorulip.dll
[2011/04/20 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akohokonipucovot.dll
[2011/04/20 18:43:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufohucopojehu.dll
[2011/04/20 14:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozoqaluxocacir.dll
[2011/04/20 10:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atukidupa.dll
[2011/04/19 23:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uratazalebinurif.dll
[2011/04/19 20:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyopisozoqocefuw.dll
[2011/04/19 18:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izuhigaf.dll
[2011/04/19 14:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyiviyiyimevoco.dll
[2011/04/19 10:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abamogoyineba.dll
[2011/04/18 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egoqokaq.dll
[2011/04/18 19:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqutunag.dll
[2011/04/18 16:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onilotef.dll
[2011/04/18 14:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udamagabobituyi.dll
[2011/04/18 11:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxevoyoh.dll
[2011/04/17 21:15:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiwareheguri.dll
[2011/04/17 14:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awamigobabamisa.dll
[2011/04/17 00:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajugab.dll
[2011/04/16 20:37:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odoqinicim.dll
[2011/04/16 18:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ileligiz.dll
[2011/04/16 15:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewehamirolu.dll
[2011/04/16 00:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwetoyaq.dll
[2011/04/15 20:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujifecuficawaju.dll
[2011/04/15 17:28:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icajoher.dll
[2011/04/15 13:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ademuqobo.dll
[2011/04/14 19:58:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxukowomaq.dll
[2011/04/14 17:27:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqotoxolib.dll
[2011/04/14 13:44:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igezivan.dll
[2011/04/14 09:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epugerec.dll
[2011/04/13 23:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osodisuv.dll
[2011/04/13 19:26:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejayodegexino.dll
[2011/04/13 16:47:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usolazahixuso.dll
[2011/04/13 13:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eluhawagurin.dll
[2011/04/13 13:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edotabivepasuyax.dll
[2011/04/12 23:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afegorey.dll
[2011/04/12 21:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acodugug.dll
[2011/04/12 19:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijoduzub.dll
[2011/04/12 15:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugicehez.dll
[2011/04/12 10:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atemenesanuzeh.dll
[2011/04/09 14:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okijuxug.dll
[2011/03/21 20:40:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Edokisovuniwul.dat
[2011/03/21 20:40:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dfucijukijadux.bin
[2011/01/14 19:43:32 | 014,786,095 | ---- | C] () -- C:\Program Files\K-Lite_Codec_Pack_666_Full.exe
[2010/12/11 15:51:59 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/02 13:43:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/29 03:17:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 16:40:44 | 000,043,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/14 22:47:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 23:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/11/19 14:07:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/10 10:18:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/15 14:14:58 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/09 16:02:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/03/05 17:43:07 | 000,798,186 | ---- | C] () -- C:\Program Files\E113.ZIP
[2006/03/16 21:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/08 02:50:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/01/20 00:35:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
[2006/01/19 15:47:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JPR.{PB
[2006/01/19 15:47:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JCM.{PB
[2005/12/18 18:33:29 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/15 22:53:34 | 000,007,866 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/14 12:20:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\mpnatapi.dll
[2005/12/11 13:09:56 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 17:32:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/12/10 17:30:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2005/12/10 17:30:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2005/12/10 17:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/12/10 17:29:59 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2005/12/10 17:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2005/12/10 17:29:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2005/12/10 17:29:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2005/12/10 17:29:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2005/12/10 17:29:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2005/12/08 10:58:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/08 10:58:05 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\54FD0C73B9.sys
[2005/12/08 10:46:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/08 01:01:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 23:39:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/28 16:40:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/28 16:37:05 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/28 16:31:09 | 000,000,564 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/28 16:27:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 16:08:18 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/28 16:08:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/28 16:08:00 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/28 16:07:32 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Good morning - let's try and resolve this for you

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
    [2011/04/22 15:46:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: viyom = rundll32 "C:\WINDOWS\system32\substi.dll",JHZXMBTZCA
    O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/05/08 00:31:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/05/07 23:42:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/05/07 17:10:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Edokisovuniwul.dat
    [2011/05/07 17:10:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dfucijukijadux.bin
    [2011/04/22 13:35:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\owacazuw.dll
    [2011/04/22 01:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ofaraxif.dll
    [2011/04/21 23:01:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukiqalux.dll
    [2011/04/21 20:29:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewigiravu.dll
    [2011/04/21 18:09:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imutevigulus.dll
    [2011/04/21 14:59:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okoneter.dll
    [2011/04/21 12:22:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ogezoxufapifov.dll
    [2011/04/21 01:06:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\agikudeg.dll
    [2011/04/20 22:49:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukorulip.dll
    [2011/04/20 20:45:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\akohokonipucovot.dll
    [2011/04/20 18:43:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ufohucopojehu.dll
    [2011/04/20 14:45:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ozoqaluxocacir.dll
    [2011/04/20 10:55:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atukidupa.dll
    [2011/04/19 23:59:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uratazalebinurif.dll
    [2011/04/19 20:55:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eyopisozoqocefuw.dll
    [2011/04/19 18:52:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\izuhigaf.dll
    [2011/04/19 14:30:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oyiviyiyimevoco.dll
    [2011/04/19 10:59:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\abamogoyineba.dll
    [2011/04/18 21:23:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\egoqokaq.dll
    [2011/04/18 19:21:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejiqutunag.dll
    [2011/04/18 16:55:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\onilotef.dll
    [2011/04/18 14:54:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\udamagabobituyi.dll
    [2011/04/18 11:43:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxevoyoh.dll
    [2011/04/17 21:15:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imiwareheguri.dll
    [2011/04/17 14:11:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\awamigobabamisa.dll
    [2011/04/17 00:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\axajugab.dll
    [2011/04/16 20:37:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\odoqinicim.dll
    [2011/04/16 18:02:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ileligiz.dll
    [2011/04/16 15:50:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewehamirolu.dll
    [2011/04/16 00:09:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uwetoyaq.dll
    [2011/04/15 20:20:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ujifecuficawaju.dll
    [2011/04/15 17:28:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\icajoher.dll
    [2011/04/15 13:58:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ademuqobo.dll
    [2011/04/14 19:58:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxukowomaq.dll
    [2011/04/14 17:27:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\aqotoxolib.dll
    [2011/04/14 13:44:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\igezivan.dll
    [2011/04/14 09:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\epugerec.dll
    [2011/04/13 23:27:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\osodisuv.dll
    [2011/04/13 19:26:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejayodegexino.dll
    [2011/04/13 16:47:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\usolazahixuso.dll
    [2011/04/13 13:42:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eluhawagurin.dll
    [2011/04/13 13:11:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\edotabivepasuyax.dll
    [2011/04/12 23:44:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\afegorey.dll
    [2011/04/12 21:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\acodugug.dll
    [2011/04/12 19:39:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ijoduzub.dll
    [2011/04/12 15:04:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ugicehez.dll
    [2011/04/12 10:52:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atemenesanuzeh.dll
    [2011/04/09 14:40:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okijuxug.dll
    [2011/05/03 19:35:37 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/05/03 19:35:21 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/05/03 19:34:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\substi.dll
    [2011/04/22 13:35:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owacazuw.dll
    [2011/04/22 01:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaraxif.dll
    [2011/04/21 23:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukiqalux.dll
    [2011/04/21 20:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewigiravu.dll
    [2011/04/21 18:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imutevigulus.dll
    [2011/04/21 14:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okoneter.dll
    [2011/04/21 12:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezoxufapifov.dll
    [2011/04/21 01:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agikudeg.dll
    [2011/04/20 22:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukorulip.dll
    [2011/04/20 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akohokonipucovot.dll
    [2011/04/20 18:43:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufohucopojehu.dll
    [2011/04/20 14:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozoqaluxocacir.dll
    [2011/04/20 10:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atukidupa.dll
    [2011/04/19 23:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uratazalebinurif.dll
    [2011/04/19 20:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyopisozoqocefuw.dll
    [2011/04/19 18:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izuhigaf.dll
    [2011/04/19 14:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyiviyiyimevoco.dll
    [2011/04/19 10:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abamogoyineba.dll
    [2011/04/18 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egoqokaq.dll
    [2011/04/18 19:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqutunag.dll
    [2011/04/18 16:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onilotef.dll
    [2011/04/18 14:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udamagabobituyi.dll
    [2011/04/18 11:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxevoyoh.dll
    [2011/04/17 21:15:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiwareheguri.dll
    [2011/04/17 14:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awamigobabamisa.dll
    [2011/04/17 00:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajugab.dll
    [2011/04/16 20:37:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odoqinicim.dll
    [2011/04/16 18:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ileligiz.dll
    [2011/04/16 15:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewehamirolu.dll
    [2011/04/16 00:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwetoyaq.dll
    [2011/04/15 20:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujifecuficawaju.dll
    [2011/04/15 17:28:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icajoher.dll
    [2011/04/15 13:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ademuqobo.dll
    [2011/04/14 19:58:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxukowomaq.dll
    [2011/04/14 17:27:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqotoxolib.dll
    [2011/04/14 13:44:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igezivan.dll
    [2011/04/14 09:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epugerec.dll
    [2011/04/13 23:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osodisuv.dll
    [2011/04/13 19:26:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejayodegexino.dll
    [2011/04/13 16:47:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usolazahixuso.dll
    [2011/04/13 13:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eluhawagurin.dll
    [2011/04/13 13:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edotabivepasuyax.dll
    [2011/04/12 23:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afegorey.dll
    [2011/04/12 21:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acodugug.dll
    [2011/04/12 19:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijoduzub.dll
    [2011/04/12 15:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugicehez.dll
    [2011/04/12 10:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atemenesanuzeh.dll
    [2011/04/09 14:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okijuxug.dll
    [2011/03/21 20:40:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Edokisovuniwul.dat
    [2011/03/21 20:40:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dfucijukijadux.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
SandyStone

    Member

  • Topic Starter
  • 69 posts
OTL logfile created on: 5/8/2011 12:28:37 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mary Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 152.87 Gb Free Space | 66.53% Space Free | Partition Type: NTFS

Computer Name: SANDRA | User Name: Mary Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
PRC - [2011/05/05 02:48:16 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\asOEHook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 11:57:45 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110507.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/06 11:57:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/06 11:57:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/06 11:57:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110507.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 13:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/12/01 00:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 23:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 21:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...m/?s=0&chnl=irn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.youtube.com/user/eggsandham [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherof...8_metric_e.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D5 36 94 72 A1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.644.0\firefox\extensions [2011/01/12 18:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45} [2011/04/22 15:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/05 02:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/05/06 11:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/06 11:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 15:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 15:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Extensions
[2011/05/05 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\extensions
[2011/05/05 15:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/05 02:48:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011/04/22 15:46:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
[2011/01/12 18:48:39 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.644.0\FIREFOX\EXTENSIONS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Mary Smith\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: viyom = rundll32 "C:\WINDOWS\system32\substi.dll",JHZXMBTZCA
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 00:10:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:00:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 21:04:02 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/05/06 14:07:48 | 000,443,904 | ---- | C] (InstallCore© Technologies ) -- C:\Program Files\VideoToMp3Setup.exe
[2011/05/06 11:47:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:20 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011/05/06 11:47:20 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys
[2011/05/06 11:47:20 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys
[2011/05/06 11:47:20 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys
[2011/05/06 11:47:19 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys
[2011/05/06 11:47:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys
[2011/05/06 11:47:19 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011/05/06 11:47:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys
[2011/05/06 11:47:13 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/05/06 11:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Mozilla
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla
[2011/05/05 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/05 15:29:22 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 12:52:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/05 02:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/05 02:48:44 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/05 02:48:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/05 02:48:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/05 02:48:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/05 01:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\vlc
[2011/05/05 01:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/05 00:57:11 | 009,519,088 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/05 00:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/04 23:12:49 | 000,235,168 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary Smith\Desktop\uninstall_flash_player.exe
[2011/05/03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVIAddXSub
[2011/04/30 01:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/04/30 01:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft Corporation
[2011/04/22 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
[2011/01/14 19:48:15 | 006,909,232 | ---- | C] ( ) -- C:\Program Files\Real_Alternative_202.exe
[2011/01/09 11:58:36 | 004,966,432 | ---- | C] (CheeseSoft Inc. ) -- C:\Program Files\registryeasy_lite.exe
[2010/12/21 19:57:35 | 017,063,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8_IEAK_XP32.exe
[2010/12/10 21:23:29 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/11/27 18:31:36 | 034,452,784 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/11/26 21:01:11 | 025,825,936 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/08/18 20:05:34 | 004,451,992 | ---- | C] (MTS Allstream ) -- C:\Program Files\setup-client.exe
[2007/04/05 21:21:36 | 013,667,376 | ---- | C] ( ) -- C:\Program Files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 00:31:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/08 00:27:32 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 00:27:32 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:42:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/07 23:00:50 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 18:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 18:44:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/07 18:44:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 18:43:46 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 17:10:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Edokisovuniwul.dat
[2011/05/07 17:10:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dfucijukijadux.bin
[2011/05/07 00:56:25 | 002,754,881 | ---- | M] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/07 00:18:32 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
[2011/05/06 14:08:08 | 000,443,904 | ---- | M] (InstallCore© Technologies ) -- C:\Program Files\VideoToMp3Setup.exe
[2011/05/06 13:10:40 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 13:03:31 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 11:50:38 | 000,718,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:30 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/05 20:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 15:30:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 15:29:33 | 012,521,992 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 10:11:15 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 02:48:44 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/05 02:48:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/05 02:48:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/05 02:48:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:47:10 | 025,825,936 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2011/05/05 01:25:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:59 | 020,533,281 | ---- | M] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/05 00:57:35 | 009,519,088 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/04 23:12:50 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary Smith\Desktop\uninstall_flash_player.exe
[2011/05/03 23:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 01:36:32 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 00:12:23 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/25 19:55:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/22 13:35:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\owacazuw.dll
[2011/04/22 01:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ofaraxif.dll
[2011/04/21 23:01:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukiqalux.dll
[2011/04/21 20:29:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewigiravu.dll
[2011/04/21 18:09:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imutevigulus.dll
[2011/04/21 14:59:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okoneter.dll
[2011/04/21 12:22:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ogezoxufapifov.dll
[2011/04/21 01:06:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\agikudeg.dll
[2011/04/20 22:49:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukorulip.dll
[2011/04/20 20:45:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\akohokonipucovot.dll
[2011/04/20 18:43:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ufohucopojehu.dll
[2011/04/20 14:45:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ozoqaluxocacir.dll
[2011/04/20 10:55:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atukidupa.dll
[2011/04/19 23:59:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uratazalebinurif.dll
[2011/04/19 20:55:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eyopisozoqocefuw.dll
[2011/04/19 18:52:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\izuhigaf.dll
[2011/04/19 14:30:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oyiviyiyimevoco.dll
[2011/04/19 10:59:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\abamogoyineba.dll
[2011/04/18 21:23:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\egoqokaq.dll
[2011/04/18 19:21:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejiqutunag.dll
[2011/04/18 16:55:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\onilotef.dll
[2011/04/18 14:54:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\udamagabobituyi.dll
[2011/04/18 11:43:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxevoyoh.dll
[2011/04/17 21:15:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imiwareheguri.dll
[2011/04/17 14:11:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\awamigobabamisa.dll
[2011/04/17 00:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\axajugab.dll
[2011/04/16 20:37:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\odoqinicim.dll
[2011/04/16 18:02:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ileligiz.dll
[2011/04/16 15:50:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewehamirolu.dll
[2011/04/16 00:09:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uwetoyaq.dll
[2011/04/15 20:20:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ujifecuficawaju.dll
[2011/04/15 17:28:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\icajoher.dll
[2011/04/15 17:06:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/15 17:06:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 17:06:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 13:58:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ademuqobo.dll
[2011/04/15 13:57:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/04/15 13:54:16 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 13:40:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 19:58:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxukowomaq.dll
[2011/04/14 17:27:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\aqotoxolib.dll
[2011/04/14 13:44:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\igezivan.dll
[2011/04/14 09:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\epugerec.dll
[2011/04/13 23:27:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\osodisuv.dll
[2011/04/13 19:26:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejayodegexino.dll
[2011/04/13 16:47:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\usolazahixuso.dll
[2011/04/13 13:42:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eluhawagurin.dll
[2011/04/13 13:11:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\edotabivepasuyax.dll
[2011/04/12 23:44:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\afegorey.dll
[2011/04/12 21:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\acodugug.dll
[2011/04/12 19:39:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ijoduzub.dll
[2011/04/12 15:04:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ugicehez.dll
[2011/04/12 10:52:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atemenesanuzeh.dll
[2011/04/09 14:40:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okijuxug.dll
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 00:56:25 | 002,754,881 | ---- | C] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:03:31 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 12:58:03 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 11:50:04 | 000,718,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/06 11:46:54 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011/05/06 11:46:54 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf
[2011/05/06 11:46:54 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf
[2011/05/06 11:46:54 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf
[2011/05/06 11:46:54 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf
[2011/05/06 11:46:54 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf
[2011/05/06 11:46:54 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf
[2011/05/06 11:46:28 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat
[2011/05/06 11:46:28 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat
[2011/05/06 11:46:28 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat
[2011/05/06 11:46:28 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011/05/06 11:46:28 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat
[2011/05/06 11:46:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini
[2011/05/05 15:30:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 01:25:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:45 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 19:35:37 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/03 19:35:21 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 00:12:23 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/22 13:35:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owacazuw.dll
[2011/04/22 01:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaraxif.dll
[2011/04/21 23:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukiqalux.dll
[2011/04/21 20:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewigiravu.dll
[2011/04/21 18:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imutevigulus.dll
[2011/04/21 14:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okoneter.dll
[2011/04/21 12:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezoxufapifov.dll
[2011/04/21 01:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agikudeg.dll
[2011/04/20 22:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukorulip.dll
[2011/04/20 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akohokonipucovot.dll
[2011/04/20 18:43:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufohucopojehu.dll
[2011/04/20 14:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozoqaluxocacir.dll
[2011/04/20 10:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atukidupa.dll
[2011/04/19 23:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uratazalebinurif.dll
[2011/04/19 20:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyopisozoqocefuw.dll
[2011/04/19 18:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izuhigaf.dll
[2011/04/19 14:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyiviyiyimevoco.dll
[2011/04/19 10:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abamogoyineba.dll
[2011/04/18 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egoqokaq.dll
[2011/04/18 19:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqutunag.dll
[2011/04/18 16:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onilotef.dll
[2011/04/18 14:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udamagabobituyi.dll
[2011/04/18 11:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxevoyoh.dll
[2011/04/17 21:15:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiwareheguri.dll
[2011/04/17 14:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awamigobabamisa.dll
[2011/04/17 00:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajugab.dll
[2011/04/16 20:37:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odoqinicim.dll
[2011/04/16 18:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ileligiz.dll
[2011/04/16 15:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewehamirolu.dll
[2011/04/16 00:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwetoyaq.dll
[2011/04/15 20:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujifecuficawaju.dll
[2011/04/15 17:28:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icajoher.dll
[2011/04/15 13:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ademuqobo.dll
[2011/04/14 19:58:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxukowomaq.dll
[2011/04/14 17:27:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqotoxolib.dll
[2011/04/14 13:44:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igezivan.dll
[2011/04/14 09:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epugerec.dll
[2011/04/13 23:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osodisuv.dll
[2011/04/13 19:26:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejayodegexino.dll
[2011/04/13 16:47:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usolazahixuso.dll
[2011/04/13 13:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eluhawagurin.dll
[2011/04/13 13:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edotabivepasuyax.dll
[2011/04/12 23:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afegorey.dll
[2011/04/12 21:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acodugug.dll
[2011/04/12 19:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijoduzub.dll
[2011/04/12 15:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugicehez.dll
[2011/04/12 10:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atemenesanuzeh.dll
[2011/04/09 14:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okijuxug.dll
[2011/03/21 20:40:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Edokisovuniwul.dat
[2011/03/21 20:40:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dfucijukijadux.bin
[2011/01/14 19:43:32 | 014,786,095 | ---- | C] () -- C:\Program Files\K-Lite_Codec_Pack_666_Full.exe
[2010/12/11 15:51:59 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/02 13:43:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/29 03:17:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 16:40:44 | 000,043,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/14 22:47:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 23:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/11/19 14:07:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/10 10:18:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/15 14:14:58 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/09 16:02:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/03/05 17:43:07 | 000,798,186 | ---- | C] () -- C:\Program Files\E113.ZIP
[2006/03/16 21:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/08 02:50:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/01/20 00:35:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
[2006/01/19 15:47:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JPR.{PB
[2006/01/19 15:47:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JCM.{PB
[2005/12/18 18:33:29 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/15 22:53:34 | 000,007,866 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/14 12:20:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\mpnatapi.dll
[2005/12/11 13:09:56 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 17:32:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/12/10 17:30:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2005/12/10 17:30:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2005/12/10 17:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/12/10 17:29:59 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2005/12/10 17:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2005/12/10 17:29:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2005/12/10 17:29:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2005/12/10 17:29:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2005/12/10 17:29:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2005/12/08 10:58:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/08 10:58:05 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\54FD0C73B9.sys
[2005/12/08 10:46:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/08 01:01:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 23:39:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/28 16:40:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/28 16:37:05 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/28 16:31:09 | 000,000,564 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/28 16:27:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 16:08:18 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/28 16:08:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/28 16:08:00 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/28 16:07:32 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you have posted the original OTL log. Could you post the one that came up after the fix run, please?

#5
SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Sorry about that, here it is.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-08 09:09:57
-----------------------------
09:09:57.296 OS Version: Windows 5.1.2600 Service Pack 3
09:09:57.296 Number of processors: 2 586 0x404
09:09:57.296 ComputerName: SANDRA UserName:
09:09:58.234 Initialize success
09:10:01.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:10:01.531 Disk 0 Vendor: Maxtor_7 BACE Size: 238418MB BusType: 3
09:10:01.546 Disk 0 MBR read successfully
09:10:01.546 Disk 0 MBR scan
09:10:01.546 Disk 0 unknown MBR code
09:10:01.546 Disk 0 scanning sectors +488263545
09:10:01.625 Disk 0 scanning C:\WINDOWS\system32\drivers
09:10:08.562 Service scanning
09:10:10.187 Disk 0 trace - called modules:
09:10:10.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:10:10.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d0cab8]
09:10:10.218 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d94030]
09:10:10.218 Scan finished successfully
09:11:02.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sandra Cranstone\Desktop\MBR.dat"
09:11:02.093 The log file has been saved successfully to "C:\Documents and Settings\Mary Smith\Desktop\aswMBR.txt"

Edited by SandyStone, 08 May 2011 - 09:51 AM.


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL scan now, please, and let me know what your current problems are?

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
New Scan

OTL logfile created on: 5/8/2011 11:02:20 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mary Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 152.88 Gb Free Space | 66.54% Space Free | Partition Type: NTFS

Computer Name: SANDRA | User Name: Mary Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
PRC - [2011/05/05 02:48:16 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\asOEHook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 11:57:45 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110507.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/06 11:57:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/06 11:57:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/06 11:57:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110507.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 13:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/12/01 00:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 23:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 21:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...m/?s=0&chnl=irn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.youtube.com/user/eggsandham[binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherof...8_metric_e.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D5 36 94 72 A1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.644.0\firefox\extensions [2011/01/12 18:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45} [2011/04/22 15:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/05 02:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/05/06 11:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/06 11:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 15:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 15:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Extensions
[2011/05/05 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\extensions
[2011/05/05 15:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/05 02:48:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011/04/22 15:46:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
[2011/01/12 18:48:39 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.644.0\FIREFOX\EXTENSIONS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Mary Smith\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: viyom = rundll32 "C:\WINDOWS\system32\substi.dll",JHZXMBTZCA
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 09:08:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mary Smith\Desktop\aswMBR.exe
[2011/05/08 00:10:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:00:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 21:04:02 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/05/06 14:07:48 | 000,443,904 | ---- | C] (InstallCore© Technologies ) -- C:\Program Files\VideoToMp3Setup.exe
[2011/05/06 11:47:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:20 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011/05/06 11:47:20 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys
[2011/05/06 11:47:20 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys
[2011/05/06 11:47:20 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys
[2011/05/06 11:47:19 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys
[2011/05/06 11:47:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys
[2011/05/06 11:47:19 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011/05/06 11:47:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys
[2011/05/06 11:47:13 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/05/06 11:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Mozilla
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla
[2011/05/05 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/05 15:29:22 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 12:52:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/05 02:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/05 02:48:44 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/05 02:48:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/05 02:48:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/05 02:48:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/05 01:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\vlc
[2011/05/05 01:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/05 00:57:11 | 009,519,088 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/05 00:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/04 23:12:49 | 000,235,168 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary Smith\Desktop\uninstall_flash_player.exe
[2011/05/03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVIAddXSub
[2011/04/30 01:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/04/30 01:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft Corporation
[2011/04/22 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
[2011/01/14 19:48:15 | 006,909,232 | ---- | C] ( ) -- C:\Program Files\Real_Alternative_202.exe
[2011/01/09 11:58:36 | 004,966,432 | ---- | C] (CheeseSoft Inc. ) -- C:\Program Files\registryeasy_lite.exe
[2010/12/21 19:57:35 | 017,063,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8_IEAK_XP32.exe
[2010/12/10 21:23:29 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/11/27 18:31:36 | 034,452,784 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/11/26 21:01:11 | 025,825,936 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/08/18 20:05:34 | 004,451,992 | ---- | C] (MTS Allstream ) -- C:\Program Files\setup-client.exe
[2007/04/05 21:21:36 | 013,667,376 | ---- | C] ( ) -- C:\Program Files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 11:03:03 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 11:03:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 10:42:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/08 09:31:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/08 09:11:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\MBR.dat
[2011/05/08 09:08:59 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mary Smith\Desktop\aswMBR.exe
[2011/05/08 00:59:49 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
[2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:00:50 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 18:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 18:44:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/07 18:44:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 18:43:46 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 17:10:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Edokisovuniwul.dat
[2011/05/07 17:10:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dfucijukijadux.bin
[2011/05/07 00:56:25 | 002,754,881 | ---- | M] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 14:08:08 | 000,443,904 | ---- | M] (InstallCore© Technologies ) -- C:\Program Files\VideoToMp3Setup.exe
[2011/05/06 13:10:40 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 13:03:31 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 11:50:38 | 000,718,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:30 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/05 20:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 15:30:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 15:29:33 | 012,521,992 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 10:11:15 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 02:48:44 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/05 02:48:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/05 02:48:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/05 02:48:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:47:10 | 025,825,936 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2011/05/05 01:25:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:59 | 020,533,281 | ---- | M] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/05 00:57:35 | 009,519,088 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/04 23:12:50 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary Smith\Desktop\uninstall_flash_player.exe
[2011/05/03 23:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 01:36:32 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 00:12:23 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/25 19:55:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/22 13:35:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\owacazuw.dll
[2011/04/22 01:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ofaraxif.dll
[2011/04/21 23:01:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukiqalux.dll
[2011/04/21 20:29:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewigiravu.dll
[2011/04/21 18:09:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imutevigulus.dll
[2011/04/21 14:59:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okoneter.dll
[2011/04/21 12:22:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ogezoxufapifov.dll
[2011/04/21 01:06:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\agikudeg.dll
[2011/04/20 22:49:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ukorulip.dll
[2011/04/20 20:45:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\akohokonipucovot.dll
[2011/04/20 18:43:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ufohucopojehu.dll
[2011/04/20 14:45:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ozoqaluxocacir.dll
[2011/04/20 10:55:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atukidupa.dll
[2011/04/19 23:59:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uratazalebinurif.dll
[2011/04/19 20:55:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eyopisozoqocefuw.dll
[2011/04/19 18:52:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\izuhigaf.dll
[2011/04/19 14:30:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oyiviyiyimevoco.dll
[2011/04/19 10:59:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\abamogoyineba.dll
[2011/04/18 21:23:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\egoqokaq.dll
[2011/04/18 19:21:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejiqutunag.dll
[2011/04/18 16:55:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\onilotef.dll
[2011/04/18 14:54:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\udamagabobituyi.dll
[2011/04/18 11:43:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxevoyoh.dll
[2011/04/17 21:15:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imiwareheguri.dll
[2011/04/17 14:11:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\awamigobabamisa.dll
[2011/04/17 00:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\axajugab.dll
[2011/04/16 20:37:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\odoqinicim.dll
[2011/04/16 18:02:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ileligiz.dll
[2011/04/16 15:50:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewehamirolu.dll
[2011/04/16 00:09:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uwetoyaq.dll
[2011/04/15 20:20:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ujifecuficawaju.dll
[2011/04/15 17:28:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\icajoher.dll
[2011/04/15 17:06:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/15 17:06:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 17:06:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 13:58:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ademuqobo.dll
[2011/04/15 13:57:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/04/15 13:54:16 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 13:40:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 19:58:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihaxukowomaq.dll
[2011/04/14 17:27:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\aqotoxolib.dll
[2011/04/14 13:44:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\igezivan.dll
[2011/04/14 09:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\epugerec.dll
[2011/04/13 23:27:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\osodisuv.dll
[2011/04/13 19:26:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejayodegexino.dll
[2011/04/13 16:47:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\usolazahixuso.dll
[2011/04/13 13:42:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eluhawagurin.dll
[2011/04/13 13:11:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\edotabivepasuyax.dll
[2011/04/12 23:44:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\afegorey.dll
[2011/04/12 21:43:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\acodugug.dll
[2011/04/12 19:39:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ijoduzub.dll
[2011/04/12 15:04:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ugicehez.dll
[2011/04/12 10:52:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atemenesanuzeh.dll
[2011/04/09 14:40:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okijuxug.dll
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 09:11:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\MBR.dat
[2011/05/07 00:56:25 | 002,754,881 | ---- | C] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:03:31 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 12:58:03 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 11:50:04 | 000,718,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/06 11:46:54 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011/05/06 11:46:54 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf
[2011/05/06 11:46:54 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf
[2011/05/06 11:46:54 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf
[2011/05/06 11:46:54 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf
[2011/05/06 11:46:54 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf
[2011/05/06 11:46:54 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf
[2011/05/06 11:46:28 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat
[2011/05/06 11:46:28 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat
[2011/05/06 11:46:28 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat
[2011/05/06 11:46:28 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011/05/06 11:46:28 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat
[2011/05/06 11:46:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini
[2011/05/05 15:30:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 01:25:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:45 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 19:35:37 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/03 19:35:21 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 00:12:23 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/22 13:35:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owacazuw.dll
[2011/04/22 01:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaraxif.dll
[2011/04/21 23:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukiqalux.dll
[2011/04/21 20:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewigiravu.dll
[2011/04/21 18:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imutevigulus.dll
[2011/04/21 14:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okoneter.dll
[2011/04/21 12:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezoxufapifov.dll
[2011/04/21 01:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agikudeg.dll
[2011/04/20 22:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukorulip.dll
[2011/04/20 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akohokonipucovot.dll
[2011/04/20 18:43:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufohucopojehu.dll
[2011/04/20 14:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozoqaluxocacir.dll
[2011/04/20 10:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atukidupa.dll
[2011/04/19 23:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uratazalebinurif.dll
[2011/04/19 20:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyopisozoqocefuw.dll
[2011/04/19 18:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izuhigaf.dll
[2011/04/19 14:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyiviyiyimevoco.dll
[2011/04/19 10:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abamogoyineba.dll
[2011/04/18 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egoqokaq.dll
[2011/04/18 19:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqutunag.dll
[2011/04/18 16:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onilotef.dll
[2011/04/18 14:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udamagabobituyi.dll
[2011/04/18 11:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxevoyoh.dll
[2011/04/17 21:15:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiwareheguri.dll
[2011/04/17 14:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awamigobabamisa.dll
[2011/04/17 00:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajugab.dll
[2011/04/16 20:37:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odoqinicim.dll
[2011/04/16 18:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ileligiz.dll
[2011/04/16 15:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewehamirolu.dll
[2011/04/16 00:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwetoyaq.dll
[2011/04/15 20:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujifecuficawaju.dll
[2011/04/15 17:28:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icajoher.dll
[2011/04/15 13:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ademuqobo.dll
[2011/04/14 19:58:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxukowomaq.dll
[2011/04/14 17:27:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqotoxolib.dll
[2011/04/14 13:44:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igezivan.dll
[2011/04/14 09:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epugerec.dll
[2011/04/13 23:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osodisuv.dll
[2011/04/13 19:26:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejayodegexino.dll
[2011/04/13 16:47:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usolazahixuso.dll
[2011/04/13 13:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eluhawagurin.dll
[2011/04/13 13:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edotabivepasuyax.dll
[2011/04/12 23:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afegorey.dll
[2011/04/12 21:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acodugug.dll
[2011/04/12 19:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijoduzub.dll
[2011/04/12 15:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugicehez.dll
[2011/04/12 10:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atemenesanuzeh.dll
[2011/04/09 14:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okijuxug.dll
[2011/03/21 20:40:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Edokisovuniwul.dat
[2011/03/21 20:40:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dfucijukijadux.bin
[2011/01/14 19:43:32 | 014,786,095 | ---- | C] () -- C:\Program Files\K-Lite_Codec_Pack_666_Full.exe
[2010/12/11 15:51:59 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/02 13:43:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/29 03:17:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 16:40:44 | 000,043,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/14 22:47:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 23:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/11/19 14:07:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/10 10:18:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/15 14:14:58 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/09 16:02:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/03/05 17:43:07 | 000,798,186 | ---- | C] () -- C:\Program Files\E113.ZIP
[2006/03/16 21:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/08 02:50:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/01/20 00:35:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
[2006/01/19 15:47:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JPR.{PB
[2006/01/19 15:47:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JCM.{PB
[2005/12/18 18:33:29 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/15 22:53:34 | 000,007,866 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/14 12:20:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\mpnatapi.dll
[2005/12/11 13:09:56 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 17:32:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/12/10 17:30:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2005/12/10 17:30:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2005/12/10 17:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/12/10 17:29:59 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2005/12/10 17:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2005/12/10 17:29:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2005/12/10 17:29:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2005/12/10 17:29:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2005/12/10 17:29:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2005/12/08 10:58:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/08 10:58:05 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\54FD0C73B9.sys
[2005/12/08 10:46:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/08 01:01:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 23:39:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/28 16:40:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/28 16:37:05 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/28 16:31:09 | 000,000,564 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/28 16:27:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 16:08:18 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/28 16:08:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/28 16:08:00 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/28 16:07:32 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, some of those did not want to go.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
    [2011/04/22 15:46:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\Mary Smith\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
    [2011/05/08 10:42:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/05/08 09:31:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/05/07 17:10:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Edokisovuniwul.dat
    [2011/05/07 17:10:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dfucijukijadux.bin
    [2011/04/22 13:35:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owacazuw.dll
    [2011/04/22 01:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaraxif.dll
    [2011/04/21 23:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukiqalux.dll
    [2011/04/21 20:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewigiravu.dll
    [2011/04/21 18:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imutevigulus.dll
    [2011/04/21 14:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okoneter.dll
    [2011/04/21 12:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezoxufapifov.dll
    [2011/04/21 01:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agikudeg.dll
    [2011/04/20 22:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukorulip.dll
    [2011/04/20 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akohokonipucovot.dll
    [2011/04/20 18:43:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufohucopojehu.dll
    [2011/04/20 14:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozoqaluxocacir.dll
    [2011/04/20 10:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atukidupa.dll
    [2011/04/19 23:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uratazalebinurif.dll
    [2011/04/19 20:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyopisozoqocefuw.dll
    [2011/04/19 18:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izuhigaf.dll
    [2011/04/19 14:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyiviyiyimevoco.dll
    [2011/04/19 10:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abamogoyineba.dll
    [2011/04/18 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egoqokaq.dll
    [2011/04/18 19:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqutunag.dll
    [2011/04/18 16:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onilotef.dll
    [2011/04/18 14:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udamagabobituyi.dll
    [2011/04/18 11:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxevoyoh.dll
    [2011/04/17 21:15:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiwareheguri.dll
    [2011/04/17 14:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awamigobabamisa.dll
    [2011/04/17 00:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajugab.dll
    [2011/04/16 20:37:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odoqinicim.dll
    [2011/04/16 18:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ileligiz.dll
    [2011/04/16 15:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewehamirolu.dll
    [2011/04/16 00:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwetoyaq.dll
    [2011/04/15 20:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujifecuficawaju.dll
    [2011/04/15 17:28:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icajoher.dll
    [2011/04/15 13:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ademuqobo.dll
    [2011/04/14 19:58:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihaxukowomaq.dll
    [2011/04/14 17:27:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqotoxolib.dll
    [2011/04/14 13:44:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igezivan.dll
    [2011/04/14 09:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epugerec.dll
    [2011/04/13 23:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osodisuv.dll
    [2011/04/13 19:26:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejayodegexino.dll
    [2011/04/13 16:47:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usolazahixuso.dll
    [2011/04/13 13:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eluhawagurin.dll
    [2011/04/13 13:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edotabivepasuyax.dll
    [2011/04/12 23:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afegorey.dll
    [2011/04/12 21:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acodugug.dll
    [2011/04/12 19:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijoduzub.dll
    [2011/04/12 15:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugicehez.dll
    [2011/04/12 10:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atemenesanuzeh.dll
    [2011/04/09 14:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okijuxug.dll
    [2011/03/21 20:40:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Edokisovuniwul.dat
    [2011/03/21 20:40:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dfucijukijadux.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
SandyStone

    Member

  • Topic Starter
  • 69 posts
I scanned with Malware; here is the report. I am going to follow the other instructions you gave me now.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6533

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/8/2011 11:29:29 AM
mbam-log-2011-05-08 (11-29-29).txt

Scan type: Quick scan
Objects scanned: 160691
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 37
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Value: GHWAUC6NNZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.622.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.622.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.622.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.622.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.644.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.644.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.644.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.644.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\winbudget (Adware.Admedia) -> Quarantined and deleted successfully.
c:\program files\winbudget\bin (Adware.Admedia) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\videotomp3setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435448468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435448484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435450234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435450250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435450875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435450906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Mary Smith\application data\Adobe\plugs\kb435450921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.622.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.622.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.644.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.644.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\SSSInst\bin\iebyterange.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\SSSInst\bin\iebyterange.xml.backup (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\winbudget\bin\matrix.dat (Adware.Admedia) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

#10
SandyStone

    Member

  • Topic Starter
  • 69 posts
All processes killed
========== OTL ==========
Folder C:\DOCUMENTS AND SETTINGS\Mary Smith\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GHWAUC6NNZ not found.
File C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.
File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
C:\WINDOWS\Edokisovuniwul.dat moved successfully.
C:\WINDOWS\Dfucijukijadux.bin moved successfully.
C:\WINDOWS\owacazuw.dll moved successfully.
C:\WINDOWS\ofaraxif.dll moved successfully.
C:\WINDOWS\ukiqalux.dll moved successfully.
C:\WINDOWS\ewigiravu.dll moved successfully.
C:\WINDOWS\imutevigulus.dll moved successfully.
C:\WINDOWS\okoneter.dll moved successfully.
C:\WINDOWS\ogezoxufapifov.dll moved successfully.
C:\WINDOWS\agikudeg.dll moved successfully.
C:\WINDOWS\ukorulip.dll moved successfully.
C:\WINDOWS\akohokonipucovot.dll moved successfully.
C:\WINDOWS\ufohucopojehu.dll moved successfully.
C:\WINDOWS\ozoqaluxocacir.dll moved successfully.
C:\WINDOWS\atukidupa.dll moved successfully.
C:\WINDOWS\uratazalebinurif.dll moved successfully.
C:\WINDOWS\eyopisozoqocefuw.dll moved successfully.
C:\WINDOWS\izuhigaf.dll moved successfully.
C:\WINDOWS\oyiviyiyimevoco.dll moved successfully.
C:\WINDOWS\abamogoyineba.dll moved successfully.
C:\WINDOWS\egoqokaq.dll moved successfully.
C:\WINDOWS\ejiqutunag.dll moved successfully.
C:\WINDOWS\onilotef.dll moved successfully.
C:\WINDOWS\udamagabobituyi.dll moved successfully.
C:\WINDOWS\ihaxevoyoh.dll moved successfully.
C:\WINDOWS\imiwareheguri.dll moved successfully.
C:\WINDOWS\awamigobabamisa.dll moved successfully.
C:\WINDOWS\axajugab.dll moved successfully.
C:\WINDOWS\odoqinicim.dll moved successfully.
C:\WINDOWS\ileligiz.dll moved successfully.
C:\WINDOWS\ewehamirolu.dll moved successfully.
C:\WINDOWS\uwetoyaq.dll moved successfully.
C:\WINDOWS\ujifecuficawaju.dll moved successfully.
C:\WINDOWS\icajoher.dll moved successfully.
C:\WINDOWS\ademuqobo.dll moved successfully.
C:\WINDOWS\ihaxukowomaq.dll moved successfully.
C:\WINDOWS\aqotoxolib.dll moved successfully.
C:\WINDOWS\igezivan.dll moved successfully.
C:\WINDOWS\epugerec.dll moved successfully.
C:\WINDOWS\osodisuv.dll moved successfully.
C:\WINDOWS\ejayodegexino.dll moved successfully.
C:\WINDOWS\usolazahixuso.dll moved successfully.
C:\WINDOWS\eluhawagurin.dll moved successfully.
C:\WINDOWS\edotabivepasuyax.dll moved successfully.
C:\WINDOWS\afegorey.dll moved successfully.
C:\WINDOWS\acodugug.dll moved successfully.
C:\WINDOWS\ijoduzub.dll moved successfully.
C:\WINDOWS\ugicehez.dll moved successfully.
C:\WINDOWS\atemenesanuzeh.dll moved successfully.
C:\WINDOWS\okijuxug.dll moved successfully.
File C:\WINDOWS\Edokisovuniwul.dat not found.
File C:\WINDOWS\Dfucijukijadux.bin not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mary Smith\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mary Smith\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 85577 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47464760 bytes

User: Owner

User: Mary Smith
->Temp folder emptied: 118326 bytes
->Temporary Internet Files folder emptied: 28806759 bytes
->Java cache emptied: 10282 bytes
->FireFox cache emptied: 70244114 bytes
->Flash cache emptied: 637894 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 41585 bytes
%systemroot%\System32 .tmp files removed: 3624465 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1607480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104823152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 246.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Mary Smith
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05082011_114621

Files\Folders moved on Reboot...
C:\Documents and Settings\Mary Smith\Local Settings\Temporary Internet Files\Content.IE5\U8T5RTLK\like[1].htm moved successfully.
C:\Documents and Settings\Mary Smith\Local Settings\Temporary Internet Files\Content.IE5\P8TDHPDJ\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\Mary Smith\Local Settings\Temporary Internet Files\Content.IE5\1PH4135Q\page__gopid__2007687[1].htm moved successfully.
C:\Documents and Settings\Mary Smith\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat not found!

Registry entries deleted on Reboot...


#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It got them that time :)

#12
SandyStone

    Member

  • Topic Starter
  • 69 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-08 11:58:43
-----------------------------
11:58:43.328 OS Version: Windows 5.1.2600 Service Pack 3
11:58:43.328 Number of processors: 2 586 0x404
11:58:43.328 ComputerName: SANDRA UserName:
11:58:44.203 Initialize success
11:59:12.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:59:12.921 Disk 0 Vendor: Maxtor_7 BACE Size: 238418MB BusType: 3
11:59:12.937 Disk 0 MBR read successfully
11:59:12.937 Disk 0 MBR scan
11:59:12.937 Disk 0 unknown MBR code
11:59:12.937 Disk 0 scanning sectors +488263545
11:59:13.031 Disk 0 scanning C:\WINDOWS\system32\drivers
11:59:19.750 Service scanning
11:59:20.843 Disk 0 trace - called modules:
11:59:20.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
11:59:20.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d55ab8]
11:59:20.875 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d4b030]
11:59:20.875 Scan finished successfully
11:59:59.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mary Smith\Desktop\MBR.dat"
11:59:59.265 The log file has been saved successfully to "C:\Documents and Settings\Mary Smith\Desktop\aswMBRnew.txt"

#13
SandyStone

    Member

  • Topic Starter
  • 69 posts
I thought that the virus was eliminated, but I tested it and Google is still redirecting.

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run ComboFix now, please?

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#15
SandyStone

    Member

  • Topic Starter
  • 69 posts
ComboFix 11-05-07.03 - Mary Smith 05/08/2011 13:24:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.534 [GMT -5:00]
Running from: c:\documents and settings\Mary Smith\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\vlc-1.1.5-win32.exe
c:\documents and settings\Mary Smith\Application Data\Adobe\plugs
c:\documents and settings\Mary Smith\Application Data\Adobe\shed
c:\documents and settings\Mary Smith\Application Data\C5DB2EE058C1248E9C677525EAF97A20
c:\documents and settings\Mary Smith\Application Data\C5DB2EE058C1248E9C677525EAF97A20\enemies-names.txt
c:\documents and settings\Mary Smith\Application Data\C5DB2EE058C1248E9C677525EAF97A20\local.ini
c:\documents and settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
c:\documents and settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}\chrome.manifest
c:\documents and settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}\chrome\content\_cfg.js
c:\documents and settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}\chrome\content\overlay.xul
c:\documents and settings\Mary Smith\Local Settings\Application Data\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}\install.rdf
c:\documents and settings\Mary Smith\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 17:55 . 2011-05-08 18:09 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-05-08 17:54 . 2011-05-08 17:55 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-05-08 17:51 . 2011-05-08 17:52 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-05-08 16:46 . 2011-05-08 16:46 -------- d-----w- C:\_OTL
2011-05-08 16:21 . 2011-05-08 16:21 -------- d-----w- c:\documents and settings\Mary Smith\Application Data\Malwarebytes
2011-05-08 16:21 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-08 16:21 . 2011-05-08 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-08 16:21 . 2011-05-08 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-08 16:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 02:04 . 2011-05-08 02:04 -------- d-----w- C:\N360_BACKUP
2011-05-06 16:47 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-06 16:47 . 2011-05-06 16:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-06 16:47 . 2011-05-06 16:47 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-06 16:47 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-06 16:46 . 2011-05-06 16:46 -------- d-----w- c:\windows\system32\drivers\N360
2011-05-06 16:46 . 2011-05-06 16:46 -------- d-----w- c:\program files\Norton 360
2011-05-06 16:38 . 2011-05-06 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2011-05-05 20:30 . 2011-05-05 20:30 -------- d-----w- c:\documents and settings\Mary Smith\Local Settings\Application Data\Mozilla
2011-05-05 20:29 . 2011-05-05 20:29 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-05-05 07:48 . 2011-05-05 07:48 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-05 06:25 . 2011-05-06 15:27 -------- d-----w- c:\documents and settings\Mary Smith\Application Data\vlc
2011-05-05 06:23 . 2011-05-05 06:23 20533281 ----a-w- c:\program files\vlc-1.1.9-win32.exe
2011-05-05 05:57 . 2011-05-05 05:57 9519088 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2011-05-05 05:34 . 2011-05-05 05:59 -------- d-----w- c:\windows\system32\Adobe
2011-05-04 00:34 . 2011-05-04 00:34 98304 --sha-r- c:\windows\system32\substi.dll
2011-05-03 06:33 . 2011-05-03 06:53 -------- d-----w- c:\program files\AVIAddXSub
2011-04-30 06:11 . 2011-04-30 06:11 -------- d-----w- c:\windows\Performance
2011-04-30 06:10 . 2011-04-30 06:10 -------- d-----w- c:\documents and settings\Mary Smith\Local Settings\Application Data\Microsoft Corporation
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 07:48 . 2005-11-28 21:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-05 07:47 . 2010-11-27 02:01 25825936 ----a-w- c:\program files\RealPlayer.exe
2011-03-07 05:33 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 18:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 18:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 18:51 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-11-28 21:06 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-11-28 21:06 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 02:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 18:50 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 19:01 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-10 18:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 18:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-10 18:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-01-15 00:48 . 2011-01-15 00:48 6909232 ----a-w- c:\program files\Real_Alternative_202.exe
2011-01-15 00:43 . 2011-01-15 00:43 14786095 ----a-w- c:\program files\K-Lite_Codec_Pack_666_Full.exe
2011-01-09 16:58 . 2011-01-09 16:58 4966432 ----a-w- c:\program files\registryeasy_lite.exe
2010-12-22 00:57 . 2010-12-22 00:57 17063752 ----a-w- c:\program files\IE8_IEAK_XP32.exe
2010-12-11 02:23 . 2010-12-11 02:23 4938120 ----a-w- c:\program files\Silverlight.exe
2010-11-27 23:31 . 2010-11-27 23:31 34452784 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-08-19 01:05 . 2010-08-19 01:05 4451992 ----a-w- c:\program files\setup-client.exe
2007-04-06 02:21 . 2007-04-06 02:21 13667376 ----a-w- c:\program files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
2011-04-14 16:26 . 2011-05-05 20:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-11-28 21:26 . 2005-08-06 03:05 344064 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2010-12-02 18:43 . 2006-02-10 03:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
2005-06-10 16:44 . 2005-06-10 16:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2003-09-19 20:26 . 2003-09-19 20:26 69632 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
2005-06-10 16:44 . 2005-06-10 16:44 249856 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
.
2005-12-13 22:05 . 2005-12-13 22:05 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
.
2006-02-09 22:34 . 2006-02-09 22:34 106496 c:\program files\Corel\Corel Photo Album 6\bak\MediaDetect.exe
.
2005-12-10 22:33 . 2005-01-18 14:57 425984 c:\program files\Dell Photo AIO Printer 962\bak\dlbxmon.exe
.
2007-03-15 16:09 . 2007-03-15 16:09 460784 c:\program files\DellSupport\bak\DSAgnt.exe
.
2005-11-28 21:25 . 2005-06-17 13:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
.
2005-11-28 21:26 . 2003-09-04 02:12 221184 c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe
.
2007-03-02 20:24 . 2007-03-02 20:24 257088 c:\program files\iTunes\bak\iTunesHelper.exe
.
2007-08-05 01:32 . 2007-07-12 09:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
.
2005-11-28 21:36 . 2006-01-18 20:00 8192 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe
.
2005-11-28 21:36 . 2006-01-18 20:00 110592 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe
.
2004-08-10 18:51 . 2004-08-04 11:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-10 18:51 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
.
2005-12-25 07:33 . 2005-05-31 11:33 122941 c:\windows\system32\dla\bak\tfswctrl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-05 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Mary Smith\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Countdown.url]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eBay Countdown.url
backup=c:\windows\pss\eBay Countdown.urlCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mary Smith^Start Menu^Programs^Startup^Date.doc]
path=c:\documents and settings\Mary Smith\Start Menu\Programs\Startup\Date.doc
backup=c:\windows\pss\Date.docStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\DivX\DivX Update\DivXUpdate.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzibojuneh]
c:\windows\olipuzeg.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2009-03-19 15:12 632048 ----a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
c:\program files\Uniblue\SpeedUpMyPC\launcher.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBBroker.exe"=
"c:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"=
"c:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBCareApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500000.07D\SymDS.sys [5/6/2011 11:47 AM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0500000.07D\SymEFA.sys [5/6/2011 11:47 AM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [4/30/2011 1:44 AM 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0500000.07D\Ironx86.sys [5/6/2011 11:47 AM 136312]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe [5/6/2011 11:47 AM 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2011 11:57 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys [5/6/2011 5:24 PM 341944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\12.tmp --> c:\windows\system32\12.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.geekstogo.com/forum/topic/300400-google-redirect-help-me-geek-gods-im-a-spaz/
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn
uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 13:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\12.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-08 13:39:21
ComboFix-quarantined-files.txt 2011-05-08 18:39
.
Pre-Run: 164,238,045,184 bytes free
Post-Run: 164,180,078,592 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E965D07BF3DC3E6C47DCF7CDD836F9DE