Google Redirect. Help me Geek Gods I'm a spaz!



#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The redirects should now be gone - but a few more to remove

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

AWF::
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\ctfmon.exe


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#17
SandyStone

    Member

  • Topic Starter
  • 69 posts
Combofix
ComboFix 11-05-08.02 - Mary Smith 05/08/2011 17:00:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.334 [GMT -5:00]
Running from: c:\documents and settings\Mary Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mary Smith\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 17:55 . 2011-05-08 18:09 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-05-08 17:54 . 2011-05-08 17:55 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-05-08 17:51 . 2011-05-08 17:52 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-05-08 16:46 . 2011-05-08 16:46 -------- d-----w- C:\_OTL
2011-05-08 16:21 . 2011-05-08 16:21 -------- d-----w- c:\documents and settings\Mary Smith\Application Data\Malwarebytes
2011-05-08 16:21 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-08 16:21 . 2011-05-08 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-08 16:21 . 2011-05-08 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-08 16:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 02:04 . 2011-05-08 02:04 -------- d-----w- C:\N360_BACKUP
2011-05-06 16:47 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-06 16:47 . 2011-05-06 16:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-06 16:47 . 2011-05-06 16:47 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-06 16:47 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-06 16:46 . 2011-05-06 16:46 -------- d-----w- c:\windows\system32\drivers\N360
2011-05-06 16:46 . 2011-05-06 16:46 -------- d-----w- c:\program files\Norton 360
2011-05-06 16:38 . 2011-05-06 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2011-05-05 20:30 . 2011-05-05 20:30 -------- d-----w- c:\documents and settings\Mary Smith\Local Settings\Application Data\Mozilla
2011-05-05 20:29 . 2011-05-05 20:29 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-05-05 07:48 . 2011-05-05 07:48 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-05 06:25 . 2011-05-06 15:27 -------- d-----w- c:\documents and settings\Mary Smith\Application Data\vlc
2011-05-05 06:23 . 2011-05-05 06:23 20533281 ----a-w- c:\program files\vlc-1.1.9-win32.exe
2011-05-05 05:57 . 2011-05-05 05:57 9519088 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2011-05-05 05:34 . 2011-05-05 05:59 -------- d-----w- c:\windows\system32\Adobe
2011-05-04 00:34 . 2011-05-04 00:34 98304 --sha-r- c:\windows\system32\substi.dll
2011-05-03 06:33 . 2011-05-03 06:53 -------- d-----w- c:\program files\AVIAddXSub
2011-04-30 06:11 . 2011-04-30 06:11 -------- d-----w- c:\windows\Performance
2011-04-30 06:10 . 2011-04-30 06:10 -------- d-----w- c:\documents and settings\Mary Smith\Local Settings\Application Data\Microsoft Corporation
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 07:48 . 2005-11-28 21:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-05 07:47 . 2010-11-27 02:01 25825936 ----a-w- c:\program files\RealPlayer.exe
2011-03-07 05:33 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 18:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 18:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 18:51 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-11-28 21:06 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-11-28 21:06 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 02:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 18:50 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 19:01 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-10 18:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 18:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-10 18:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-01-15 00:48 . 2011-01-15 00:48 6909232 ----a-w- c:\program files\Real_Alternative_202.exe
2011-01-15 00:43 . 2011-01-15 00:43 14786095 ----a-w- c:\program files\K-Lite_Codec_Pack_666_Full.exe
2011-01-09 16:58 . 2011-01-09 16:58 4966432 ----a-w- c:\program files\registryeasy_lite.exe
2010-12-22 00:57 . 2010-12-22 00:57 17063752 ----a-w- c:\program files\IE8_IEAK_XP32.exe
2010-12-11 02:23 . 2010-12-11 02:23 4938120 ----a-w- c:\program files\Silverlight.exe
2010-11-27 23:31 . 2010-11-27 23:31 34452784 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-08-19 01:05 . 2010-08-19 01:05 4451992 ----a-w- c:\program files\setup-client.exe
2007-04-06 02:21 . 2007-04-06 02:21 13667376 ----a-w- c:\program files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
2011-04-14 16:26 . 2011-05-05 20:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-05 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Mary Smith\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Countdown.url]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eBay Countdown.url
backup=c:\windows\pss\eBay Countdown.urlCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mary Smith^Start Menu^Programs^Startup^Date.doc]
path=c:\documents and settings\Mary Smith\Start Menu\Programs\Startup\Date.doc
backup=c:\windows\pss\Date.docStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2009-03-19 15:12 632048 ----a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBBroker.exe"=
"c:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"=
"c:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBCareApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500000.07D\SymDS.sys [5/6/2011 11:47 AM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0500000.07D\SymEFA.sys [5/6/2011 11:47 AM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [4/30/2011 1:44 AM 802936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0500000.07D\Ironx86.sys [5/6/2011 11:47 AM 136312]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe [5/6/2011 11:47 AM 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2011 11:57 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys [5/6/2011 5:24 PM 341944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\12.tmp --> c:\windows\system32\12.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.geekstogo.com/forum/topic/300400-google-redirect-help-me-geek-gods-im-a-spaz/
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn
uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-Dzibojuneh - c:\windows\olipuzeg.dll
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\12.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3990514779-3826623117-1682299583-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2011-05-08 17:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 22:17
ComboFix2.txt 2011-05-08 18:39
.
Pre-Run: 164,161,179,648 bytes free
Post-Run: 164,212,596,736 bytes free
.
- - End Of File - - 9ACA43539D3126BAEFB7D7BA0F64267F

#18
SandyStone

    Member

  • Topic Starter
  • 69 posts
OTL logfile created on: 5/8/2011 5:25:49 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mary Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 152.95 Gb Free Space | 66.57% Space Free | Partition Type: NTFS

Computer Name: SANDRA | User Name: Mary Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
PRC - [2011/05/05 02:48:16 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\asOEHook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/06 11:57:45 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110508.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/06 11:57:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/06 11:57:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/06 11:57:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110508.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 13:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/12/01 00:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 23:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 21:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...m/?s=0&chnl=irn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...gods-im-a-spaz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D5 36 94 72 A1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/05 02:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/05/06 11:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/06 11:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 15:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 15:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Extensions
[2011/05/05 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\extensions
[2011/05/05 15:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/05 02:48:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA CRANSTONE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA CRANSTONE\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
File not found (No name found) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.644.0\FIREFOX\EXTENSIONS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/08 17:12:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Mary Smith\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 13:22:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 13:17:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 13:17:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 13:17:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 13:17:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 12:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 12:47:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/08 11:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 11:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\Malwarebytes
[2011/05/08 11:21:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/08 11:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/08 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/08 11:21:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/08 11:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/08 11:19:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mary Smith\Desktop\mbam-setup.exe
[2011/05/08 09:08:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mary Smith\Desktop\aswMBR.exe
[2011/05/08 00:10:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:00:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 21:04:02 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/05/06 11:47:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:20 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011/05/06 11:47:20 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys
[2011/05/06 11:47:20 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys
[2011/05/06 11:47:20 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys
[2011/05/06 11:47:19 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys
[2011/05/06 11:47:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys
[2011/05/06 11:47:19 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011/05/06 11:47:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/05/06 11:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Mozilla
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla
[2011/05/05 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/05 15:29:22 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 12:52:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/05 02:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/05 02:48:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/05 01:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\vlc
[2011/05/05 01:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/05 00:57:11 | 009,519,088 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/05 00:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVIAddXSub
[2011/04/30 01:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/04/30 01:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Microsoft Corporation
[2011/01/14 19:48:15 | 006,909,232 | ---- | C] ( ) -- C:\Program Files\Real_Alternative_202.exe
[2011/01/09 11:58:36 | 004,966,432 | ---- | C] (CheeseSoft Inc. ) -- C:\Program Files\registryeasy_lite.exe
[2010/12/21 19:57:35 | 017,063,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8_IEAK_XP32.exe
[2010/12/10 21:23:29 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/11/27 18:31:36 | 034,452,784 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/11/26 21:01:11 | 025,825,936 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/08/18 20:05:34 | 004,451,992 | ---- | C] (MTS Allstream ) -- C:\Program Files\setup-client.exe
[2007/04/05 21:21:36 | 013,667,376 | ---- | C] ( ) -- C:\Program Files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 17:12:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/08 17:11:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/08 17:11:26 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 17:11:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/08 17:11:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/08 17:10:56 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 16:58:16 | 004,343,905 | R--- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\ComboFix.exe
[2011/05/08 16:27:21 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/08 13:22:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/08 11:59:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\MBR.dat
[2011/05/08 11:57:28 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mary Smith\Desktop\aswMBR.exe
[2011/05/08 11:21:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 11:19:47 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mary Smith\Desktop\mbam-setup.exe
[2011/05/08 00:59:49 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
[2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2011/05/07 23:00:50 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mary Smith\Desktop\tdsskiller.exe
[2011/05/07 00:56:25 | 002,754,881 | ---- | M] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:10:40 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 13:03:31 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 11:50:38 | 000,718,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:30 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/05 20:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 15:30:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 02:48:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 01:25:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:59 | 020,533,281 | ---- | M] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 23:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 01:36:32 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 00:12:23 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/04/25 19:55:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/15 17:06:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/15 17:06:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 17:06:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 13:57:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/15 13:54:16 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 13:40:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[82 C:\Documents and Settings\Mary Smith\My Documents\*.tmp files -> C:\Documents and Settings\Mary Smith\My Documents\*.tmp -> ]
[7 C:\Documents and Settings\Mary Smith\Desktop\*.tmp files -> C:\Documents and Settings\Mary Smith\Desktop\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 13:22:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/08 13:22:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 13:17:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 13:17:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 13:17:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 13:17:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 13:17:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 13:14:58 | 004,343,905 | R--- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\ComboFix.exe
[2011/05/08 11:21:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:11:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\MBR.dat
[2011/05/07 00:56:25 | 002,754,881 | ---- | C] () -- C:\Documents and Settings\Mary Smith\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:03:31 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 12:58:03 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\VLC Videos with Subs.lnk
[2011/05/06 11:50:04 | 000,718,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/06 11:46:54 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011/05/06 11:46:54 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf
[2011/05/06 11:46:54 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf
[2011/05/06 11:46:54 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf
[2011/05/06 11:46:54 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf
[2011/05/06 11:46:54 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf
[2011/05/06 11:46:54 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf
[2011/05/06 11:46:28 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat
[2011/05/06 11:46:28 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat
[2011/05/06 11:46:28 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat
[2011/05/06 11:46:28 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011/05/06 11:46:28 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat
[2011/05/06 11:46:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini
[2011/05/05 15:30:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 01:25:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:45 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 19:34:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 00:12:23 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\Real Player Shortcut.lnk
[2011/01/14 19:43:32 | 014,786,095 | ---- | C] () -- C:\Program Files\K-Lite_Codec_Pack_666_Full.exe
[2010/12/02 13:43:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/29 03:17:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 16:40:44 | 000,043,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/14 22:47:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 23:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/11/19 14:07:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/10 10:18:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/15 14:14:58 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/09 16:02:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/03/05 17:43:07 | 000,798,186 | ---- | C] () -- C:\Program Files\E113.ZIP
[2006/03/16 21:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/08 02:50:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/01/20 00:35:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
[2006/01/19 15:47:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JPR.{PB
[2006/01/19 15:47:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Application Data\PFP120JCM.{PB
[2005/12/18 18:33:29 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/15 22:53:34 | 000,007,866 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/14 12:20:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\mpnatapi.dll
[2005/12/11 13:09:56 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 17:32:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/12/10 17:30:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2005/12/10 17:30:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2005/12/10 17:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/12/10 17:29:59 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2005/12/10 17:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2005/12/10 17:29:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2005/12/10 17:29:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2005/12/10 17:29:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2005/12/10 17:29:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2005/12/08 10:58:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/08 10:58:05 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\54FD0C73B9.sys
[2005/12/08 10:46:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/08 01:01:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 23:39:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/28 16:40:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/28 16:37:05 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/28 16:31:09 | 000,000,564 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/28 16:27:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 16:08:18 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/28 16:08:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/28 16:08:00 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/28 16:07:32 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/12/10 17:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/07 01:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2005/12/12 17:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/12/02 03:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/06 11:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/06 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/01/09 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2005/11/28 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/12 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/02/27 01:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/22 02:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/07/21 12:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/02 21:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/07 01:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\eBay
[2010/11/24 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\ElevatedDiagnostics
[2010/11/17 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Gygan
[2005/12/09 22:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Leadertech
[2007/02/11 17:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\OfficeUpdate12
[2010/12/01 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Uniblue
[2011/05/08 00:59:49 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job

========== Purity Check ==========



< End of report >

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That does not look too bad now - what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA CRANSTONE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA CRANSTONE\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
    File not found (No name found) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.644.0\FIREFOX\EXTENSIONS

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Update Malwarebytes and run a quick scan, posting the resultant log

#20
SandyStone

    Member

  • Topic Starter
  • Member
  • 69 posts
OTL logfile created on: 5/9/2011 1:43:34 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sandra Cranstone\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 438.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 152.93 Gb Free Space | 66.56% Space Free | Partition Type: NTFS

Computer Name: SANDRA | User Name:Mary Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra Cranstone\Desktop\OTL.exe
PRC - [2011/05/05 02:48:16 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/12/03 21:11:16 | 000,554,440 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\cltLMH.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra Cranstone\Desktop\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\asOEHook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 11:57:45 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110508.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/06 11:57:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/06 11:57:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/06 11:57:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110508.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 13:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/12/01 00:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 23:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 21:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...m/?s=0&chnl=irn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...az/page__st__15
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D5 36 94 72 A1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/05 02:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/05/06 11:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/06 11:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 15:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 15:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra Cranstone\Application Data\Mozilla\Extensions
[2011/05/05 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra Cranstone\Application Data\Mozilla\Firefox\Profiles\2m5tv024.default\extensions
[2011/05/05 15:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/05 02:48:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA CRANSTONE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2M5TV024.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA CRANSTONE\LOCAL SETTINGS\APPLICATION DATA\{8FBB66EF-2362-4BE0-99CF-5E24FB229C45}
File not found (No name found) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.644.0\FIREFOX\EXTENSIONS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/09 13:35:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Sandra Cranstone\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandra Cranstone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 21:03:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/08 13:22:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 13:17:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 13:17:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 13:17:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 13:17:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 12:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 12:47:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/08 11:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 11:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra Cranstone\Application Data\Malwarebytes
[2011/05/08 11:21:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/08 11:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/08 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/08 11:21:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/08 11:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/08 11:19:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandra Cranstone\Desktop\mbam-setup.exe
[2011/05/08 09:08:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sandra Cranstone\Desktop\aswMBR.exe
[2011/05/08 00:10:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra Cranstone\Desktop\OTL.exe
[2011/05/07 23:00:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sandra Cranstone\Desktop\tdsskiller.exe
[2011/05/07 21:04:02 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/05/06 11:47:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:20 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011/05/06 11:47:20 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys
[2011/05/06 11:47:20 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys
[2011/05/06 11:47:20 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys
[2011/05/06 11:47:19 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys
[2011/05/06 11:47:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys
[2011/05/06 11:47:19 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011/05/06 11:47:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/05/06 11:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/05/06 11:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra Cranstone\Local Settings\Application Data\Mozilla
[2011/05/05 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra Cranstone\Application Data\Mozilla
[2011/05/05 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/05 15:29:22 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/05/05 12:52:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/05 02:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/05 02:48:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 02:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/05 01:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra Cranstone\Application Data\vlc
[2011/05/05 01:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/05 00:57:11 | 009,519,088 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe
[2011/05/05 00:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVIAddXSub
[2011/04/30 01:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/04/30 01:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra Cranstone\Local Settings\Application Data\Microsoft Corporation
[2011/01/14 19:48:15 | 006,909,232 | ---- | C] ( ) -- C:\Program Files\Real_Alternative_202.exe
[2011/01/09 11:58:36 | 004,966,432 | ---- | C] (CheeseSoft Inc. ) -- C:\Program Files\registryeasy_lite.exe
[2010/12/21 19:57:35 | 017,063,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8_IEAK_XP32.exe
[2010/12/10 21:23:29 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/11/27 18:31:36 | 034,452,784 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/11/26 21:01:11 | 025,825,936 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/08/18 20:05:34 | 004,451,992 | ---- | C] (MTS Allstream ) -- C:\Program Files\setup-client.exe
[2007/04/05 21:21:36 | 013,667,376 | ---- | C] ( ) -- C:\Program Files\Dell_Upgrade.v2806_5_9(Dell)_DVD060410-01_R3.exe
[82 C:\Documents and Settings\Sandra Cranstone\My Documents\*.tmp files -> C:\Documents and Settings\Sandra Cranstone\My Documents\*.tmp -> ]
[7 C:\Documents and Settings\Sandra Cranstone\Desktop\*.tmp files -> C:\Documents and Settings\Sandra Cranstone\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 13:38:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 13:38:10 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/09 13:38:10 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/09 13:37:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 13:37:47 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 13:35:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/09 13:35:40 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2011/05/09 01:40:24 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
[2011/05/08 16:58:16 | 004,343,905 | R--- | M] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\ComboFix.exe
[2011/05/08 13:22:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/08 11:59:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\MBR.dat
[2011/05/08 11:57:28 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sandra Cranstone\Desktop\aswMBR.exe
[2011/05/08 11:21:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 11:19:47 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandra Cranstone\Desktop\mbam-setup.exe
[2011/05/08 00:10:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra Cranstone\Desktop\OTL.exe
[2011/05/07 23:00:50 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sandra Cranstone\Desktop\tdsskiller.exe
[2011/05/07 00:56:25 | 002,754,881 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:10:40 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\VLC Videos with Subs.lnk
[2011/05/06 13:03:31 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 11:50:38 | 000,718,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/06 11:47:30 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/06 11:47:30 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/05 20:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 15:30:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 02:48:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/05 01:25:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:59 | 020,533,281 | ---- | M] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 23:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2011/05/03 19:34:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 01:36:32 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 00:12:23 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\Real Player Shortcut.lnk
[2011/04/25 19:55:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/15 17:06:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Sandra Cranstone\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/15 17:06:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 17:06:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 13:57:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/15 13:54:16 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 13:40:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[82 C:\Documents and Settings\Sandra Cranstone\My Documents\*.tmp files -> C:\Documents and Settings\Sandra Cranstone\My Documents\*.tmp -> ]
[7 C:\Documents and Settings\Sandra Cranstone\Desktop\*.tmp files -> C:\Documents and Settings\Sandra Cranstone\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 13:22:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/08 13:22:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 13:17:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 13:17:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 13:17:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 13:17:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 13:17:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 13:14:58 | 004,343,905 | R--- | C] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\ComboFix.exe
[2011/05/08 11:21:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:11:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\MBR.dat
[2011/05/07 00:56:25 | 002,754,881 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\My Documents\Horrors_of_Vaccination_Exposed.pdf
[2011/05/06 13:03:31 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\Shortcut to VideoLAN.lnk
[2011/05/06 12:58:03 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\VLC Videos with Subs.lnk
[2011/05/06 11:50:04 | 000,718,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB
[2011/05/06 11:47:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/06 11:47:30 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/06 11:47:23 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/05/06 11:46:54 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011/05/06 11:46:54 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf
[2011/05/06 11:46:54 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf
[2011/05/06 11:46:54 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf
[2011/05/06 11:46:54 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf
[2011/05/06 11:46:54 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf
[2011/05/06 11:46:54 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf
[2011/05/06 11:46:28 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat
[2011/05/06 11:46:28 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat
[2011/05/06 11:46:28 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat
[2011/05/06 11:46:28 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011/05/06 11:46:28 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat
[2011/05/06 11:46:28 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat
[2011/05/06 11:46:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini
[2011/05/05 15:30:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/05 15:30:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/05 10:11:15 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\Shortcut to RealPlayer Downloads.lnk
[2011/05/05 02:49:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/05 01:25:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/05 01:23:45 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011/05/03 19:34:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\substi.dll
[2011/05/03 00:12:23 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Desktop\Real Player Shortcut.lnk
[2011/01/14 19:43:32 | 014,786,095 | ---- | C] () -- C:\Program Files\K-Lite_Codec_Pack_666_Full.exe
[2010/12/02 13:43:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/29 03:17:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 16:40:44 | 000,043,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/14 22:47:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 23:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/11/19 14:07:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/10 10:18:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/15 14:14:58 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/09 16:02:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/03/05 17:43:07 | 000,798,186 | ---- | C] () -- C:\Program Files\E113.ZIP
[2006/03/16 21:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/08 02:50:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/01/20 00:35:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
[2006/01/19 15:47:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Application Data\PFP120JPR.{PB
[2006/01/19 15:47:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Application Data\PFP120JCM.{PB
[2005/12/18 18:33:29 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/15 22:53:34 | 000,007,866 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/14 12:20:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\mpnatapi.dll
[2005/12/11 13:09:56 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Sandra Cranstone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 17:32:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/12/10 17:30:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2005/12/10 17:30:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2005/12/10 17:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/12/10 17:29:59 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2005/12/10 17:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2005/12/10 17:29:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2005/12/10 17:29:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2005/12/10 17:29:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2005/12/10 17:29:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2005/12/08 10:58:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/08 10:58:05 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\54FD0C73B9.sys
[2005/12/08 10:46:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/08 01:01:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 23:39:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/28 16:40:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/28 16:37:05 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/28 16:31:09 | 000,000,564 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/28 16:27:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 16:08:18 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/28 16:08:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/28 16:08:00 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/28 16:07:32 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/12/10 17:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/07 01:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2005/12/12 17:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/12/02 03:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/06 11:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/06 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/01/09 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2005/11/28 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/12 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/02/27 01:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/22 02:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/07/21 12:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/02 21:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/07 01:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\eBay
[2010/11/24 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\ElevatedDiagnostics
[2010/11/17 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\Gygan
[2005/12/09 22:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\Leadertech
[2007/02/11 17:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\OfficeUpdate12
[2010/12/01 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra Cranstone\Application Data\Uniblue
[2011/05/09 01:40:24 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job

========== Purity Check ==========



< End of report >
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are outstanding ?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#22
SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Google appears to be working again. That was the only problem that I noticed, that the malware was causing. So everything appears to be in fine order.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6540

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/9/2011 2:01:48 PM
mbam-log-2011-05-09 (14-01-48).txt

Scan type: Quick scan
Objects scanned: 158730
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#24
SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Thank you so very, very much! I could have NEVER figured it out myself! Very clear instructions! You are a great volunteer. Consider yourself virtually hugged! :)

Edited by SandyStone, 09 May 2011 - 06:52 PM.

  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
