Jump to content

Undectable Browser Hijacker


Recommended Posts

Hello,

I recently restored a dell image to a PC and I keep getting infected with a browser Hijacker. It is undectable by malwarebytes or symantec endpoint. The machine also BSOD's when trying to run any DOS based diagnostic or removal tools. I really could use some advice on this one. I couldn't get DDS to run by a Hijackthis log revealed the following:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:57:05 PM, on 1/18/2012

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL

O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe

--

End of file - 7149 bytes

Thanks in advance.

Link to post
Share on other sites

Hello TrepidatioN! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, please include:

  • TDSSKiller log
  • OTL.Txt and Extras.Txt

Link to post
Share on other sites

Hello Maniac and thanks for your reply

Unfortunately TDSS killer will not run. When I started the machine today Symantec Endpoint detected what is called Trojan.ADH.2. I also ran Malwarebytes in safe mode and it detected the following:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.20.04

Windows XP Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 6.0.2900.2180

Administrator :: LESDESKTOP [administrator]

Protection: Disabled

1/20/2012 6:20:08 PM

mbam-log-2012-01-20 (18-20-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 174641

Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I of course removed the threats but I feel but my problems still persist.

Thanks.

Link to post
Share on other sites

Please boot in normal mode and let's try this way:

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

OTH_Main.gif

Then select Start OTL. OTL will now run

  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    [*]Click the Internet Explorer button, post these logs in your Virus Removal topic.

Link to post
Share on other sites

Hello,

OTL would only run in safe mode. I hope this isn’t a problem. When running the process kill it would freeze. In the case it did manage to actually kill the processes it would not successfully launch the scanner. So I resorted to safe mode.

OTL logfile created on: 1/20/2012 7:55:54 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\LesLynn\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 719.44 Mb Available Physical Memory | 70.39% Memory free

2.40 Gb Paging File | 2.22 Gb Available in Paging File | 92.48% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.30 Gb Total Space | 133.79 Gb Free Space | 92.72% Space Free | Partition Type: NTFS

Computer Name: LESDESKTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 19:32:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTL.scr

PRC - [2012/01/20 19:32:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTH.scr

PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

========== Modules (No Company Name) ==========

MOD - [2004/08/10 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/06/17 17:10:02 | 001,664,744 | ---- | M] (Symantec Corporation) [unknown | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)

SRV - [2011/06/17 16:50:28 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)

SRV - [2011/06/14 16:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) [unknown | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)

SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2012/01/18 17:58:55 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120120.004\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/01/18 17:58:55 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120120.004\NAVENG.SYS -- (NAVENG)

DRV - [2012/01/18 17:58:48 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/01/18 17:58:48 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/01/18 17:56:38 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/01/18 17:55:57 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)

DRV - [2012/01/18 17:52:52 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012/01/06 22:15:52 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx86.sys -- (BHDrvx86)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/26 02:03:20 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120119.002\IDSXpx86.sys -- (IDSxpx86)

DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/06/17 17:06:46 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)

DRV - [2011/05/27 20:07:29 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)

DRV - [2011/05/27 20:07:29 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/05/20 18:50:02 | 000,118,960 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teefer.sys -- (Teefer2)

DRV - [2011/05/17 20:32:27 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS -- (SymEFA)

DRV - [2011/05/10 20:54:58 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)

DRV - [2011/05/02 19:18:59 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS -- (SymDS)

DRV - [2011/04/20 22:21:31 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\symtdi.sys -- (SYMTDI)

DRV - [2005/11/28 13:56:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)

DRV - [2005/03/05 00:06:50 | 000,135,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI)

DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com

IE - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

IE - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/01/18 17:57:06 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [QBReminderFlash] C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe ()

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()

O4 - HKU\S-1-5-21-3549125778-2360857574-3899148976-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-3549125778-2360857574-3899148976-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-3549125778-2360857574-3899148976-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1326864763984 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F27E899-6767-4F58-A41D-9E07693616B8}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 19:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2012/01/20 18:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec

[2012/01/20 18:46:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012/01/20 18:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2012/01/20 18:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2012/01/20 18:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2012/01/20 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/01/20 18:43:51 | 014,179,112 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe

[2012/01/20 18:30:03 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\fixit.exe

[2012/01/20 18:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2012/01/18 19:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/01/18 19:11:43 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/01/18 18:50:13 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/01/18 18:45:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/01/18 18:45:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/01/18 18:45:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/01/18 18:45:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/01/18 18:44:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/01/18 18:42:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/18 17:56:38 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2012/01/18 17:56:38 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2012/01/18 17:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/01/18 17:55:57 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll

[2012/01/18 17:55:57 | 000,240,048 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll

[2012/01/18 17:55:57 | 000,094,128 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll

[2012/01/18 17:55:57 | 000,092,080 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys

[2012/01/18 17:55:57 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS

[2012/01/18 17:55:57 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysferThunk.dll

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F

[2012/01/18 17:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

[2012/01/18 17:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite

[2012/01/18 17:52:52 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/18 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2012/01/18 17:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2012/01/18 07:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio

[2012/01/18 00:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2012/01/18 00:07:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2012/01/18 00:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2012/01/18 00:00:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2012/01/17 23:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2012/01/17 23:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2012/01/17 23:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2012/01/17 23:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2012/01/17 23:34:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2012/01/17 23:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2012/01/17 23:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

[2012/01/17 23:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/17 23:14:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/17 23:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/17 23:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/01/17 23:05:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 19:53:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/20 19:38:57 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/20 19:38:57 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/20 18:44:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/01/20 18:40:32 | 014,179,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe

[2012/01/19 08:03:04 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\fixit.exe

[2012/01/18 18:50:32 | 000,000,325 | RHS- | M] () -- C:\boot.ini

[2012/01/18 18:06:15 | 001,083,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB

[2012/01/18 17:56:38 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2012/01/18 17:56:38 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2012/01/18 17:56:38 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2012/01/18 17:56:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2012/01/18 17:55:57 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll

[2012/01/18 17:55:57 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll

[2012/01/18 17:55:57 | 000,094,128 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll

[2012/01/18 17:55:57 | 000,092,080 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys

[2012/01/18 17:55:57 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS

[2012/01/18 17:55:57 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysferThunk.dll

[2012/01/18 17:55:57 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini

[2012/01/18 17:53:07 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

[2012/01/18 17:52:52 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/18 17:29:20 | 000,038,528 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF

[2012/01/18 17:28:20 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/18 00:21:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2012/01/18 00:21:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/01/18 00:21:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/01/18 00:11:03 | 000,250,032 | ---- | M] () -- C:\ntldr

[2012/01/17 23:44:38 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2012/01/17 23:37:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/17 23:34:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/01/17 23:14:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/17 23:05:52 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2012/01/17 23:05:46 | 000,000,209 | ---- | M] () -- C:\Boot.bak

[2012/01/17 23:00:33 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2012/01/17 22:05:52 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/20 18:44:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/01/20 18:34:37 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe

[2012/01/18 18:50:29 | 000,000,209 | ---- | C] () -- C:\Boot.bak

[2012/01/18 18:50:18 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/01/18 18:45:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/01/18 18:45:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/01/18 18:45:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/01/18 18:45:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/01/18 18:45:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/01/18 17:56:39 | 001,083,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB

[2012/01/18 17:56:38 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2012/01/18 17:56:38 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2012/01/18 17:55:57 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini

[2012/01/18 17:53:07 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

[2012/01/17 23:59:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2012/01/17 23:58:54 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2012/01/17 23:58:48 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx

[2012/01/17 23:58:46 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp

[2012/01/17 23:58:37 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2012/01/17 23:58:36 | 000,250,032 | ---- | C] () -- C:\ntldr

[2012/01/17 23:44:38 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1

[2012/01/17 23:14:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/17 23:00:33 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2005/11/28 14:06:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/11/28 14:03:38 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2005/11/28 13:58:30 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/28 13:56:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/11/28 13:48:37 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe

[2005/11/28 13:48:37 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe

[2005/11/28 13:28:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/11/28 13:28:26 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2005/11/28 13:27:44 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/08/16 20:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/16 04:27:59 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/08/16 04:18:33 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/08/16 04:18:33 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2012/01/18 17:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2005/11/28 13:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2012/01/18 17:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

[2012/01/18 17:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LesLynn\Application Data\DAEMON Tools Lite

[2012/01/18 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LesLynn\Application Data\OpenCandy

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/20/2012 7:55:54 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\LesLynn\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 719.44 Mb Available Physical Memory | 70.39% Memory free

2.40 Gb Paging File | 2.22 Gb Available in Paging File | 92.48% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.30 Gb Total Space | 133.79 Gb Free Space | 92.72% Space Free | Partition Type: NTFS

Computer Name: LESDESKTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe:*:Enabled:SNAC Service -- (Symantec Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections

"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox

"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection

"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{C34C7BE6-51B7-4DE5-A341-F4AA684EC594}" = ASPCA Tri Reminder by We-Care.com v4.0.13.5

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant

"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"America Online us" = America Online (Choose which version to remove)

"AOL Connectivity Services" = AOL Connectivity Services

"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)

"ATI Display Driver" = ATI Display Driver

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"DAEMON Tools Lite" = DAEMON Tools Lite

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Dell Game Console" = Dell Game Console

"EmeraldQFE2" = Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

"ESPNMotion" = ESPNMotion

"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"PROSet" = Intel® PRO Network Connections Drivers

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer Basic

"StreetPlugin" = Learn2 Player (Uninstall Only)

"ViewpointMediaPlayer" = Viewpoint Media Player

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WildTangent CDA" = WildTangent Web Driver

"Windows Media Format Runtime" = Windows Media Format Runtime

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/18/2012 8:27:50 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Location: Deleted or access

blocked Computer: LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January

18, 2012 6:27:50 PM

Error - 1/18/2012 8:27:50 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Location: Deleted or access blocked

Computer:

LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January 18, 2012 6:27:50

PM

Error - 1/18/2012 8:27:50 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Location: Deleted or access

blocked Computer: LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January

18, 2012 6:27:50 PM

Error - 1/18/2012 8:27:51 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Location: Deleted or access

blocked Computer: LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January

18, 2012 6:27:51 PM

Error - 1/18/2012 8:27:51 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Location: Deleted or access blocked

Computer:

LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January 18, 2012 6:27:51

PM

Error - 1/18/2012 8:27:51 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Location: Deleted or access

blocked Computer: LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January

18, 2012 6:27:51 PM

Error - 1/18/2012 8:27:53 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Location: Deleted or access

blocked Computer: LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January

18, 2012 6:27:53 PM

Error - 1/18/2012 8:27:53 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Location: Deleted or access blocked

Computer:

LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January 18, 2012 6:27:53

PM

Error - 1/18/2012 8:27:53 PM | Computer Name = LESDESKTOP | Source = Symantec AntiVirus | ID = 16711725

Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\DOCUMENTS

AND SETTINGS\LESLYNN\LOCAL SETTINGS\TEMP\RARSFX0\PEV.EXE File: C:\Program Files\Symantec\Symantec

Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Location: Deleted or access

blocked Computer: LESDESKTOP User: LesLynn Action taken: Date found: Wednesday, January

18, 2012 6:27:53 PM

Error - 1/18/2012 8:28:55 PM | Computer Name = LESDESKTOP | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2722, fault address 0x00071a78.

[ System Events ]

Error - 1/20/2012 9:49:15 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7034

Description = The MBAMService service terminated unexpectedly. It has done this

1 time(s).

Error - 1/20/2012 9:49:15 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7034

Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.

It has done this 1 time(s).

Error - 1/20/2012 9:54:12 PM | Computer Name = LESDESKTOP | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/20/2012 9:54:23 PM | Computer Name = LESDESKTOP | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/20/2012 9:55:32 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7001

Description = The DHCP Client service depends on the NetBios over Tcpip service

which failed to start because of the following error: %%31

Error - 1/20/2012 9:55:32 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 1/20/2012 9:55:32 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 1/20/2012 9:55:32 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 1/20/2012 9:55:32 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL

SRTSP

SRTSPX

SymIRON

SYMTDI

SysPlant

Tcpip

WS2IFSL

Error - 1/20/2012 9:55:32 PM | Computer Name = LESDESKTOP | Source = Service Control Manager | ID = 7031

Description = The SAS Core Service service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 1000 milliseconds:

Restart the service.

< End of report >

Link to post
Share on other sites

Please boot in Normal mode and try to uninstall MyWay Search Assistant and Viewpoint Media Player. Next:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    [2012/01/17 23:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
    [2005/11/28 13:48:37 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
    [2005/11/28 13:48:37 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe

    :files
    C:\Program Files\MyWaySA

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log file.

Link to post
Share on other sites

Ok so I managed to just run OTL without killing the processes.

OTL logfile created on: 1/29/2012 10:57:27 AM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\LesLynn\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 305.69 Mb Available Physical Memory | 29.91% Memory free

2.40 Gb Paging File | 1.48 Gb Available in Paging File | 61.58% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.30 Gb Total Space | 132.24 Gb Free Space | 91.64% Space Free | Partition Type: NTFS

Drive F: | 3.82 Gb Total Space | 2.11 Gb Free Space | 55.24% Space Free | Partition Type: FAT32

Computer Name: LESDESKTOP | User Name: LesLynn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 19:32:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTL.scr

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/06/17 17:10:02 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe

PRC - [2011/06/14 16:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

PRC - [2005/11/28 13:56:51 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe

PRC - [2005/09/08 19:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

PRC - [2005/09/08 19:20:46 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

PRC - [2005/06/17 07:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

PRC - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

========== Modules (No Company Name) ==========

MOD - [2005/09/01 07:51:14 | 000,122,880 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmgit.dll

MOD - [2005/08/05 14:01:54 | 000,356,352 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll

MOD - [2005/08/05 14:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax

MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax

MOD - [2005/06/28 13:55:08 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2004/08/10 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2004/08/10 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

MOD - [2003/09/23 01:00:00 | 000,106,496 | ---- | M] () -- C:\Program Files\Dell\ShareDLL\djbsdk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/06/17 17:10:02 | 001,664,744 | ---- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)

SRV - [2011/06/17 16:50:28 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)

SRV - [2011/06/14 16:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)

SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2012/01/18 17:58:55 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120128.009\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/01/18 17:58:55 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120128.009\NAVENG.SYS -- (NAVENG)

DRV - [2012/01/18 17:58:48 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/01/18 17:58:48 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/01/18 17:56:38 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/01/18 17:55:57 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)

DRV - [2012/01/18 17:52:52 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012/01/06 22:15:52 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120123.011\BHDrvx86.sys -- (BHDrvx86)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/26 02:03:20 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120128.001\IDSXpx86.sys -- (IDSxpx86)

DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/06/17 17:06:46 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)

DRV - [2011/05/27 20:07:29 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)

DRV - [2011/05/27 20:07:29 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/05/20 18:50:02 | 000,118,960 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teefer.sys -- (Teefer2)

DRV - [2011/05/17 20:32:27 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS -- (SymEFA)

DRV - [2011/05/10 20:54:58 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)

DRV - [2011/05/02 19:18:59 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS -- (SymDS)

DRV - [2011/04/20 22:21:31 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\symtdi.sys -- (SYMTDI)

DRV - [2005/11/28 13:56:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)

DRV - [2005/03/05 00:06:50 | 000,135,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI)

DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/01/18 17:57:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/27 20:29:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/27 20:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LesLynn\Application Data\Mozilla\Extensions

[2012/01/27 20:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [QBReminderFlash] C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe ()

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1326864763984 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F27E899-6767-4F58-A41D-9E07693616B8}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found

O24 - Desktop WallPaper: C:\Documents and Settings\LesLynn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\LesLynn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\Mozilla

[2012/01/27 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\Mozilla

[2012/01/27 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/01/27 18:48:18 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/01/27 18:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2012/01/20 19:37:46 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTH.scr

[2012/01/20 19:37:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTL.scr

[2012/01/20 18:46:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012/01/20 18:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2012/01/20 18:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2012/01/20 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/01/20 18:10:48 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LesLynn\Desktop\tdsskiller.exe

[2012/01/18 19:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Start Menu\Programs\HiJackThis

[2012/01/18 19:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/01/18 19:26:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\LesLynn\Desktop\dds.scr

[2012/01/18 19:11:43 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/01/18 18:50:13 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/01/18 18:45:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/01/18 18:45:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/01/18 18:45:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/01/18 18:45:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/01/18 18:44:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/01/18 18:42:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/18 18:41:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\My Documents\My Videos

[2012/01/18 18:41:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Administrative Tools

[2012/01/18 17:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\Symantec

[2012/01/18 17:56:38 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2012/01/18 17:56:38 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2012/01/18 17:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/01/18 17:55:57 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll

[2012/01/18 17:55:57 | 000,240,048 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll

[2012/01/18 17:55:57 | 000,094,128 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll

[2012/01/18 17:55:57 | 000,092,080 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys

[2012/01/18 17:55:57 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS

[2012/01/18 17:55:57 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysferThunk.dll

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105

[2012/01/18 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F

[2012/01/18 17:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

[2012/01/18 17:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\OpenCandy

[2012/01/18 17:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite

[2012/01/18 17:52:52 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/18 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2012/01/18 17:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\DAEMON Tools Lite

[2012/01/18 17:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2012/01/18 07:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio

[2012/01/18 00:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2012/01/18 00:07:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2012/01/18 00:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2012/01/18 00:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2012/01/18 00:00:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2012/01/17 23:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2012/01/17 23:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\Identities

[2012/01/17 23:42:02 | 014,717,808 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\LesLynn\Desktop\DTLite4451-0236.exe

[2012/01/17 23:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2012/01/17 23:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2012/01/17 23:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2012/01/17 23:34:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2012/01/17 23:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2012/01/17 23:32:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LesLynn\UserData

[2012/01/17 23:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

[2012/01/17 23:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\Malwarebytes

[2012/01/17 23:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/17 23:14:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/17 23:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/17 23:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/01/17 23:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\Macromedia

[2012/01/17 23:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\McAfee.com Personal Firewall

[2012/01/17 23:06:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LesLynn\Application Data\Microsoft

[2012/01/17 23:06:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LesLynn\Cookies

[2012/01/17 23:06:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LesLynn\SendTo

[2012/01/17 23:06:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LesLynn\Recent

[2012/01/17 23:06:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LesLynn\Application Data

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Startup

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\Start Menu

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\My Documents\My Pictures

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\My Documents\My Music

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\My Documents

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\Favorites

[2012/01/17 23:06:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Accessories

[2012/01/17 23:06:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LesLynn\Templates

[2012/01/17 23:06:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LesLynn\PrintHood

[2012/01/17 23:06:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LesLynn\NetHood

[2012/01/17 23:06:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LesLynn\Local Settings

[2012/01/17 23:06:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LesLynn\Application Data\Gtek

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\Wildtangent

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\Sun

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\Musicmatch

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\Microsoft

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Application Data\Identities

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Desktop

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Dell Accessories

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Dell

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\My Documents\CCWin

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\BVRP Software

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\ApplicationHistory

[2012/01/17 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}

[2012/01/17 23:05:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2012/01/10 14:36:38 | 004,763,456 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\LesLynn\Desktop\procexp.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/29 10:58:14 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/29 10:58:14 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/29 10:53:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/29 10:53:42 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/27 20:29:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/27 20:29:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/20 19:32:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTL.scr

[2012/01/20 19:32:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LesLynn\Desktop\OTH.scr

[2012/01/20 18:44:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/01/19 08:03:04 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LesLynn\Desktop\tdsskiller.exe

[2012/01/18 19:56:52 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\LesLynn\Desktop\HiJackThis.lnk

[2012/01/18 19:54:22 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\LesLynn\Desktop\HiJackThis.msi

[2012/01/18 19:21:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\LesLynn\Desktop\dds.scr

[2012/01/18 18:50:32 | 000,000,325 | RHS- | M] () -- C:\boot.ini

[2012/01/18 18:06:15 | 001,083,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB

[2012/01/18 17:56:38 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2012/01/18 17:56:38 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2012/01/18 17:56:38 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2012/01/18 17:56:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2012/01/18 17:55:57 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll

[2012/01/18 17:55:57 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll

[2012/01/18 17:55:57 | 000,094,128 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll

[2012/01/18 17:55:57 | 000,092,080 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys

[2012/01/18 17:55:57 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS

[2012/01/18 17:55:57 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysferThunk.dll

[2012/01/18 17:55:57 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini

[2012/01/18 17:53:07 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

[2012/01/18 17:52:52 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/18 17:29:20 | 000,038,528 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF

[2012/01/18 17:28:20 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/18 00:21:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2012/01/18 00:21:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/01/18 00:21:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/01/18 00:11:03 | 000,250,032 | ---- | M] () -- C:\ntldr

[2012/01/17 23:50:22 | 004,763,456 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\LesLynn\Desktop\procexp.exe

[2012/01/17 23:50:22 | 000,072,268 | ---- | M] () -- C:\Documents and Settings\LesLynn\Desktop\procexp.chm

[2012/01/17 23:44:38 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2012/01/17 23:42:11 | 014,717,808 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\LesLynn\Desktop\DTLite4451-0236.exe

[2012/01/17 23:37:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/17 23:34:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/01/17 23:14:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/17 23:06:39 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/01/17 23:06:31 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\LesLynn\Desktop\Windows Media Player.lnk

[2012/01/17 23:06:24 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk

[2012/01/17 23:05:52 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2012/01/17 23:05:46 | 000,000,209 | ---- | M] () -- C:\Boot.bak

[2012/01/17 23:00:33 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 20:29:29 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/27 20:29:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/01/27 20:29:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/20 20:00:48 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys

[2012/01/20 18:44:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/01/18 19:56:42 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\LesLynn\Desktop\HiJackThis.lnk

[2012/01/18 19:56:27 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\LesLynn\Desktop\HiJackThis.msi

[2012/01/18 18:50:29 | 000,000,209 | ---- | C] () -- C:\Boot.bak

[2012/01/18 18:50:18 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/01/18 18:45:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/01/18 18:45:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/01/18 18:45:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/01/18 18:45:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/01/18 18:45:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/01/18 17:56:39 | 001,083,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB

[2012/01/18 17:56:38 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2012/01/18 17:56:38 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2012/01/18 17:55:57 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini

[2012/01/18 17:53:07 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

[2012/01/17 23:59:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2012/01/17 23:58:54 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2012/01/17 23:58:48 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx

[2012/01/17 23:58:46 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp

[2012/01/17 23:58:37 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2012/01/17 23:58:36 | 000,250,032 | ---- | C] () -- C:\ntldr

[2012/01/17 23:44:38 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1

[2012/01/17 23:14:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/17 23:06:31 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\LesLynn\Desktop\Windows Media Player.lnk

[2012/01/17 23:06:15 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk

[2012/01/17 23:06:15 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk

[2012/01/17 23:06:15 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk

[2012/01/17 23:06:15 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\LesLynn\Desktop\Media Center.lnk

[2012/01/17 23:06:15 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/01/17 23:06:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2012/01/17 23:06:15 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk

[2012/01/17 23:06:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\LesLynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/01/17 23:06:14 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Remote Assistance.lnk

[2012/01/17 23:06:14 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Windows Media Player.lnk

[2012/01/17 23:06:14 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Internet Explorer.lnk

[2012/01/17 23:06:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\LesLynn\Start Menu\Programs\Outlook Express.lnk

[2012/01/17 23:06:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\LesLynn\Local Settings\Application Data\fusioncache.dat

[2012/01/17 23:00:33 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2005/11/28 14:06:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/11/28 14:03:38 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2005/11/28 13:58:30 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/28 13:56:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/11/28 13:48:37 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe

[2005/11/28 13:48:37 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe

[2005/11/28 13:28:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/11/28 13:28:26 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2005/11/28 13:27:44 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/16 04:27:59 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/08/16 04:18:33 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/08/16 04:18:33 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2012/01/18 17:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2012/01/18 17:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

[2012/01/18 17:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LesLynn\Application Data\DAEMON Tools Lite

[2012/01/18 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LesLynn\Application Data\OpenCandy

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.