Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware


  • This topic is locked This topic is locked
21 replies to this topic

#1 wahlcoman

wahlcoman

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 30 October 2010 - 05:22 PM

I have browser redirect problem. Here are my logs:

DDS (Ver_10-10-21.02) - NTFSx86
Run by Tom at 13:56:56.70 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1990 [GMT -7:00]


============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom\Desktop\HijackThis.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://safe-cart.com/pcdriversheadqu/.driver-detective/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\qsb.exe" /autorun
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [vptray] "c:\program files\navnt\vptray.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [cwcptray] "c:\program files\contentwatch\internet protection\cwtray.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\cwalsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238546548031
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241306819015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238552969482&h=6e620e9da618b3080a088be4ac8794bf/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2009-8-5 2100544]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]
R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-4-5 1201640]

=============== Created Last 30 ================

2010-10-29 00:46:51 -------- d-----w- c:\docume~1\tom\applic~1\SUPERAntiSpyware.com
2010-10-29 00:46:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-29 00:46:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-28 01:36:07 -------- d-----w- c:\docume~1\tom\applic~1\Malwarebytes
2010-10-28 01:35:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 01:35:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 01:35:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-28 01:35:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 06:07:13 -------- d-----w- c:\docume~1\tom\applic~1\AskToolbar
2010-10-16 04:12:19 -------- d-----w- c:\program files\Yahoo!
2010-10-16 04:12:12 -------- d-----w- c:\program files\CCleaner
2010-10-14 02:23:03 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 02:22:16 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 20:38:38 -------- d-----w- c:\docume~1\tom\applic~1\Windows Search

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 13:57:11.67 ===============


GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-30 14:50:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tom\LOCALS~1\Temp\pwdoikog.sys


---- System - GMER 1.0.15 ----

SSDT 8AD7B860 ZwAllocateVirtualMemory
SSDT 8AD760A8 ZwCreateKey
SSDT 8AD7BD38 ZwCreateProcess
SSDT 8AD6C638 ZwCreateProcessEx
SSDT 8AD7B778 ZwCreateThread
SSDT 8AD7B098 ZwDeleteKey
SSDT 8ADDEBE0 ZwDeleteValueKey
SSDT 8AD7B8D8 ZwQueueApcThread
SSDT 8ADE9508 ZwReadVirtualMemory
SSDT 8ACFC0B0 ZwRenameKey
SSDT 8ADC7FA8 ZwSetContextThread
SSDT 8AE0C608 ZwSetInformationKey
SSDT 8ADD1528 ZwSetInformationProcess
SSDT 8ADC9200 ZwSetInformationThread
SSDT 8ADB42D8 ZwSetValueKey
SSDT 8ADCB020 ZwSuspendProcess
SSDT 8ADC7F30 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9EBB4620]
SSDT 8ADED020 ZwTerminateThread
SSDT 8ADE9580 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[432] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1864] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2192] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3084] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3808] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3808] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3808] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip 89EDEA18
Device \Driver\Tcpip \Device\Ip 89F00480
Device \Driver\Tcpip \Device\Ip 89C44A38
Device \Driver\Tcpip \Device\Ip 8777FA30

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp 89EDEA18
Device \Driver\Tcpip \Device\Tcp 89F00480
Device \Driver\Tcpip \Device\Tcp 89C44A38
Device \Driver\Tcpip \Device\Tcp 8777FA30
Device \Driver\Tcpip \Device\Udp 89EDEA18
Device \Driver\Tcpip \Device\Udp 89F00480
Device \Driver\Tcpip \Device\Udp 89C44A38
Device \Driver\Tcpip \Device\Udp 8777FA30
Device \Driver\Tcpip \Device\RawIp 89EDEA18
Device \Driver\Tcpip \Device\RawIp 89F00480
Device \Driver\Tcpip \Device\RawIp 89C44A38
Device \Driver\Tcpip \Device\RawIp 8777FA30
Device \Driver\Tcpip \Device\IPMULTICAST 89EDEA18
Device \Driver\Tcpip \Device\IPMULTICAST 89F00480
Device \Driver\Tcpip \Device\IPMULTICAST 89C44A38
Device \Driver\Tcpip \Device\IPMULTICAST 8777FA30

---- EOF - GMER 1.0.15 ----

Thank you in advance for your help!
Attached File  Attach.txt   17.38KB   0 downloadsAttached File  ark.txt   17.09KB   1 downloads

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 07 November 2010 - 05:17 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 08 November 2010 - 11:48 PM

Please see the following OTL report. I could not open the link for RKunhookerLE due to the browser redirect not allowing it. I did try to open the link by several other methods and still could not. Is there another way around this?

OTL logfile created on: 11/7/2010 4:05:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.24 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: TOM-LAPTOP | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
PRC - [2010/10/25 11:46:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/21 04:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010/07/03 09:19:42 | 000,353,600 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
PRC - [2010/07/03 09:19:41 | 002,100,544 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/08 18:59:22 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/03/31 17:41:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/29 18:22:00 | 000,638,976 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2001/09/24 07:59:00 | 000,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2001/09/24 07:59:00 | 000,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2001/09/24 07:59:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 17:12:40 | 000,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/03 09:19:41 | 002,100,544 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/08 18:59:22 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2001/09/24 07:59:00 | 000,454,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2001/09/24 07:59:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tom\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/13 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/13 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/07 07:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/20 00:18:39 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/03/04 17:58:00 | 005,045,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/22 16:25:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/21 11:42:56 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/11/17 07:23:00 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/10/25 05:43:02 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/06/24 15:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/14 00:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 01:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/29 18:26:00 | 000,984,832 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2001/09/24 07:59:00 | 000,176,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2001/09/24 07:59:00 | 000,009,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2001/09/24 01:29:00 | 000,057,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/05/25 16:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2009/05/25 16:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/04/05 18:20:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\qsb.exe (Google Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238546548031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241306819015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/30 15:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 15:52:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/04 23:16:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/03 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/03 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/11/03 21:01:33 | 008,858,200 | ---- | C] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:00:10 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2010/11/03 20:00:10 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2010/11/03 20:00:09 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/11/03 20:00:04 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/03 20:00:04 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/03 19:59:48 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/11/03 19:59:48 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/03 19:59:48 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/11/03 19:59:42 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/03 19:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/03 19:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/11/03 19:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\PC Tools
[2010/11/03 19:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/11/02 20:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/02 20:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/02 20:37:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 22:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2010/10/31 19:22:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/31 19:21:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/31 19:21:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/31 19:21:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/31 19:21:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/31 19:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/31 19:19:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/31 11:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/31 11:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/31 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/31 11:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/10/31 11:43:11 | 000,755,552 | ---- | C] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/10/30 14:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\gmer
[2010/10/30 12:47:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/28 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/28 17:46:09 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2010/10/27 18:35:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/27 18:35:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/27 18:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/27 18:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 23:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/10/15 21:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/15 21:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Yahoo!
[2010/10/15 21:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/15 21:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/13 13:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/10/10 15:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents
[2007/07/04 09:28:52 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 16:03:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
[2010/11/05 22:25:25 | 000,496,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 22:25:25 | 000,092,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 22:21:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 22:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 21:29:39 | 003,902,190 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/11/03 21:04:35 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 21:03:48 | 008,858,200 | ---- | M] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:00:19 | 000,800,850 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/03 20:00:01 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:57:18 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/02 20:39:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/11/02 20:38:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 19:22:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/31 12:01:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:44:03 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:43:11 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:50 | 000,000,165 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/10/30 15:38:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/30 12:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/29 19:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/28 17:46:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/28 17:46:10 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 21:28:23 | 000,011,048 | ---- | M] () -- C:\My Documents\current event 4.docx
[2010/10/19 13:06:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\iTunes.lnk
[2010/10/18 23:01:26 | 000,011,088 | ---- | M] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | M] () -- C:\My Documents\current event 2.docx
[2010/10/15 21:12:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/13 19:32:46 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 21:30:27 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/10 15:05:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 14:57:11 | 136,767,488 | ---- | M] () -- C:\My Documents\Tom's Best Recruit Intro.mpg
[2010/10/10 14:57:11 | 1044,508,672 | ---- | M] () -- C:\My Documents\2010 Brophy Invite 9-25.mpg
[2010/10/10 14:56:06 | 000,147,776 | ---- | M] () -- C:\My Documents\toms complete recruit movie.pds
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/03 21:04:35 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 20:00:11 | 000,800,850 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/03 20:00:01 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:57:16 | 000,507,360 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/02 20:39:29 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/10/31 19:22:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/31 19:22:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/31 19:21:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/31 19:21:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/31 19:21:12 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/31 19:21:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/31 19:21:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/31 19:19:23 | 003,902,190 | R--- | C] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/10/31 12:01:15 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:44:03 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:37:29 | 000,000,165 | ---- | C] () -- C:\WINDOWS\setup.iss
[2010/10/30 15:38:52 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/28 17:46:46 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/27 18:36:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 21:28:23 | 000,011,048 | ---- | C] () -- C:\My Documents\current event 4.docx
[2010/10/18 23:01:26 | 000,011,088 | ---- | C] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | C] () -- C:\My Documents\current event 2.docx
[2010/10/15 21:12:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/12 21:30:27 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/10 15:05:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 14:56:03 | 000,147,776 | ---- | C] () -- C:\My Documents\toms complete recruit movie.pds
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/05 13:13:44 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxcurl_CW.dll
[2009/08/05 13:13:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxjson_CW.dll
[2009/08/05 10:28:19 | 000,975,872 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2009/08/05 09:57:40 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2009/08/05 09:57:39 | 002,916,352 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_CW.dll
[2009/08/05 09:57:39 | 001,236,992 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_CW.dll
[2009/08/05 09:57:39 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_CW.dll
[2009/08/05 09:57:39 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_CW.dll
[2009/08/05 09:57:39 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_CW.dll
[2009/08/05 09:57:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_CW.dll
[2009/08/05 09:57:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_CW.dll
[2009/08/05 09:57:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_media_vc_CW.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/23 20:14:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 21:17:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 17:03:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/03/31 19:34:27 | 000,000,244 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/30 08:40:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/25 05:43:02 | 001,753,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/09/11 10:09:20 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/19 03:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 17:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL

========== LOP Check ==========

[2009/08/05 09:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2009/03/31 16:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/12 17:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/11/07 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/03/31 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/14 20:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/11/03 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/05 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\LimeWire
[2009/03/31 21:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2009/03/31 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Desktop Search
[2010/10/13 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >
[2010/11/07 16:26:46 | 000,036,864 | -H-- | M] () -- C:\Documents and Settings\Tom\ntuser.dat.LOG
[2010/11/07 16:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Desktop
[2010/11/07 16:09:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tom\Cookies
[2010/11/07 16:03:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/07 16:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\AskToolbar
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/07 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
[2010/11/05 22:25:25 | 000,496,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 22:25:25 | 000,092,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 22:25:24 | 000,600,112 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/05 22:21:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 22:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools Security
[2010/11/05 22:20:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tom\Application Data
[2010/11/05 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\LimeWire
[2010/11/05 22:20:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/05 22:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 21:58:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/11/03 21:55:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tom\Local Settings
[2010/11/03 21:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/03 21:29:39 | 003,902,190 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/11/03 21:28:13 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Tom\ntuser.dat
[2010/11/03 21:04:35 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 21:04:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Tom\Start Menu
[2010/11/03 21:04:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Tom\Favorites
[2010/11/03 21:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/11/03 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/03 21:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/11/03 21:03:48 | 008,858,200 | ---- | M] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:03:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom\ntuser.ini
[2010/11/03 20:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\PC Tools
[2010/11/03 20:00:01 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/11/03 19:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\PC Tools
[2010/11/03 19:57:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/11/03 19:57:18 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/02 20:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/02 20:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/02 20:39:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/11/02 20:38:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 22:10:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tom\Recent
[2010/10/31 12:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/10/31 12:01:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:58:13 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Tom\Desktop\QuickTimeInstaller.exe
[2010/10/31 11:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/31 11:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Java
[2010/10/31 11:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/31 11:52:29 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tom\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/31 11:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/31 11:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/31 11:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Adobe
[2010/10/31 11:51:11 | 012,675,272 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Tom\Desktop\AdobeAIRInstaller.exe
[2010/10/31 11:50:12 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Tom\Desktop\install_flash_player.exe
[2010/10/31 11:44:03 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2010/10/31 11:43:11 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:50 | 000,000,165 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/10/31 11:40:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tom\Application Data\Microsoft
[2010/10/31 11:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2010/10/31 11:37:02 | 003,220,488 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Tom\Desktop\WOT-bing-latest.exe
[2010/10/30 15:38:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/30 12:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/29 19:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Apple Computer
[2010/10/29 19:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Apple Computer
[2010/10/29 19:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/28 18:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/10/28 17:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/10/28 17:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/28 17:46:10 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2010/10/27 18:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 18:36:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/26 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/10/23 14:14:15 | 006,425,730 | -H-- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db
[2010/10/19 21:28:23 | 000,011,048 | ---- | M] () -- C:\My Documents\current event 4.docx
[2010/10/19 13:06:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\iTunes.lnk
[2010/10/18 23:01:26 | 000,011,088 | ---- | M] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | M] () -- C:\My Documents\current event 2.docx
[2010/10/16 08:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft
[2010/10/15 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/15 21:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/10/15 21:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/10/15 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Yahoo!
[2010/10/15 21:12:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/13 19:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/13 19:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/10/13 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/10/12 21:30:27 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/12 21:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/10/10 15:05:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 15:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2010/10/10 15:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/10/10 15:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\My Documents
[2010/10/10 14:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/10 14:57:11 | 136,767,488 | ---- | M] () -- C:\My Documents\Tom's Best Recruit Intro.mpg
[2010/10/10 14:57:11 | 1044,508,672 | ---- | M] () -- C:\My Documents\2010 Brophy Invite 9-25.mpg
[2010/10/10 14:56:06 | 000,147,776 | ---- | M] () -- C:\My Documents\toms complete recruit movie.pds
[2010/09/26 12:53:16 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/16 16:08:17 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/30 08:39:39 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tom\Application Data\desktop.ini
[2009/03/30 08:39:39 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 16:03:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
[2010/11/05 22:25:25 | 000,496,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 22:25:25 | 000,092,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 22:21:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 22:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 21:29:39 | 003,902,190 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/11/03 21:04:35 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 21:03:48 | 008,858,200 | ---- | M] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:00:19 | 000,800,850 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/03 20:00:01 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:57:18 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/02 20:39:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/11/02 20:38:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 19:22:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/31 12:01:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:58:13 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Tom\Desktop\QuickTimeInstaller.exe
[2010/10/31 11:55:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/31 11:55:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/31 11:55:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/31 11:55:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/31 11:55:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/31 11:52:29 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tom\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/31 11:51:11 | 012,675,272 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Tom\Desktop\AdobeAIRInstaller.exe
[2010/10/31 11:50:12 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Tom\Desktop\install_flash_player.exe
[2010/10/31 11:44:03 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:43:11 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:50 | 000,000,165 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/10/31 11:37:02 | 003,220,488 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Tom\Desktop\WOT-bing-latest.exe
[2010/10/30 15:38:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/30 12:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/29 19:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/28 17:46:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/28 17:46:10 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 21:28:23 | 000,011,048 | ---- | M] () -- C:\My Documents\current event 4.docx
[2010/10/19 13:06:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\iTunes.lnk
[2010/10/18 23:01:26 | 000,011,088 | ---- | M] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | M] () -- C:\My Documents\current event 2.docx
[2010/10/15 21:12:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/13 19:32:46 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 21:30:27 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/10 15:05:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 14:57:11 | 136,767,488 | ---- | M] () -- C:\My Documents\Tom's Best Recruit Intro.mpg
[2010/10/10 14:57:11 | 1044,508,672 | ---- | M] () -- C:\My Documents\2010 Brophy Invite 9-25.mpg
[2010/10/10 14:56:06 | 000,147,776 | ---- | M] () -- C:\My Documents\toms complete recruit movie.pds
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2009/08/05 09:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2009/03/31 16:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/12 17:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/11/07 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/03/31 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/14 20:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/11/03 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/05 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\LimeWire
[2009/03/31 21:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2009/03/31 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Desktop Search
[2010/10/13 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >
OTL Extras logfile created on: 11/7/2010 4:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.24 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: TOM-LAPTOP | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ALTACPHOME_is1" = Net Nanny Parental Controls 5.5
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LimeWire" = LimeWire 5.5.16
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"Secunia PSI" = Secunia PSI
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 1:52:49 AM | Computer Name = TOM-LAPTOP | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\Documents and Settings\Tom\Local
Settings\Temp\0.7235449589826508.gif by: Manual scan. Action: Clean failed : Leave
Alone succeeded :

Error - 10/23/2010 1:55:21 AM | Computer Name = TOM-LAPTOP | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.FakeAV!gen39 in File: C:\Documents
and Settings\Tom\Local Settings\Temp\0.2066404171061953.exe by: Realtime Protection
scan. Action: Clean failed : Quarantine succeeded : Access denied

Error - 10/29/2010 10:19:16 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/29/2010 10:56:07 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/31/2010 1:43:49 AM | Computer Name = TOM-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/31/2010 1:43:50 AM | Computer Name = TOM-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/31/2010 3:31:25 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/31/2010 3:32:05 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/31/2010 3:43:15 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module yt.dll, version 2008.7.28.1, fault address 0x00056d54.

Error - 11/6/2010 1:21:07 AM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application luall.exe, version 1.63.12.0, faulting module
luall.exe, version 1.63.12.0, fault address 0x0001f3fb.

[ OSession Events ]
Error - 6/3/2009 12:53:47 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:00 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:07 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:16 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:55 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:55:08 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/8/2010 7:44:41 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26419
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/5/2010 9:52:31 PM | Computer Name = TOM-LAPTOP | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:E9:5A:68. Network operations
on this system may be disrupted as a result.

Error - 10/6/2010 1:17:24 PM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.4 on
the Network Card with network address 001F3B91E375.

Error - 10/16/2010 11:41:23 AM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3B91E375. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 10/27/2010 8:19:46 PM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001F3B91E375 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/28/2010 1:21:11 AM | Computer Name = TOM-LAPTOP | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.9
with the system having network hardware address 00:25:4B:20:F9:A1. Network operations
on this system may be disrupted as a result.

Error - 10/31/2010 7:39:32 PM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001F3B91E375 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 08 November 2010 - 11:55 PM

Please see the following OTL report. I could not open the link for RKUnhookerLE due to the browser constantly redirecting to other sites. Is there another way around this?

OTL logfile created on: 11/7/2010 4:05:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.24 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: TOM-LAPTOP | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
PRC - [2010/10/25 11:46:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/21 04:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010/07/03 09:19:42 | 000,353,600 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
PRC - [2010/07/03 09:19:41 | 002,100,544 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/08 18:59:22 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/03/31 17:41:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/29 18:22:00 | 000,638,976 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2001/09/24 07:59:00 | 000,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2001/09/24 07:59:00 | 000,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2001/09/24 07:59:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 17:12:40 | 000,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/03 09:19:41 | 002,100,544 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/08 18:59:22 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2001/09/24 07:59:00 | 000,454,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2001/09/24 07:59:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tom\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/13 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/13 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/07 07:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/20 00:18:39 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/03/04 17:58:00 | 005,045,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/22 16:25:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/21 11:42:56 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/11/17 07:23:00 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/10/25 05:43:02 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/06/24 15:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/14 00:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 01:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/29 18:26:00 | 000,984,832 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2001/09/24 07:59:00 | 000,176,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2001/09/24 07:59:00 | 000,009,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2001/09/24 01:29:00 | 000,057,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/05/25 16:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2009/05/25 16:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/04/05 18:20:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\qsb.exe (Google Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238546548031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241306819015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/30 15:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 15:52:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/04 23:16:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/03 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/03 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/11/03 21:01:33 | 008,858,200 | ---- | C] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:00:10 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2010/11/03 20:00:10 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2010/11/03 20:00:09 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/11/03 20:00:04 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/03 20:00:04 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/03 19:59:48 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/11/03 19:59:48 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/03 19:59:48 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/11/03 19:59:42 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/03 19:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/03 19:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/11/03 19:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\PC Tools
[2010/11/03 19:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/11/02 20:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/02 20:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/02 20:37:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 22:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2010/10/31 19:22:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/31 19:21:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/31 19:21:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/31 19:21:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/31 19:21:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/31 19:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/31 19:19:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/31 11:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/31 11:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/31 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/31 11:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/10/31 11:43:11 | 000,755,552 | ---- | C] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/10/30 14:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\gmer
[2010/10/30 12:47:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/28 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/28 17:46:09 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2010/10/27 18:35:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/27 18:35:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/27 18:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/27 18:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 23:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/10/15 21:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/15 21:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Yahoo!
[2010/10/15 21:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/15 21:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/13 13:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/10/10 15:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents
[2007/07/04 09:28:52 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 16:03:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
[2010/11/05 22:25:25 | 000,496,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 22:25:25 | 000,092,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 22:21:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 22:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 21:29:39 | 003,902,190 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/11/03 21:04:35 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 21:03:48 | 008,858,200 | ---- | M] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:00:19 | 000,800,850 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/03 20:00:01 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:57:18 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/02 20:39:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/11/02 20:38:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 19:22:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/31 12:01:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:44:03 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:43:11 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:50 | 000,000,165 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/10/30 15:38:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/30 12:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/29 19:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/28 17:46:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/28 17:46:10 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 21:28:23 | 000,011,048 | ---- | M] () -- C:\My Documents\current event 4.docx
[2010/10/19 13:06:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\iTunes.lnk
[2010/10/18 23:01:26 | 000,011,088 | ---- | M] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | M] () -- C:\My Documents\current event 2.docx
[2010/10/15 21:12:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/13 19:32:46 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 21:30:27 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/10 15:05:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 14:57:11 | 136,767,488 | ---- | M] () -- C:\My Documents\Tom's Best Recruit Intro.mpg
[2010/10/10 14:57:11 | 1044,508,672 | ---- | M] () -- C:\My Documents\2010 Brophy Invite 9-25.mpg
[2010/10/10 14:56:06 | 000,147,776 | ---- | M] () -- C:\My Documents\toms complete recruit movie.pds
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/03 21:04:35 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 20:00:11 | 000,800,850 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/03 20:00:01 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:57:16 | 000,507,360 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/02 20:39:29 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/10/31 19:22:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/31 19:22:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/31 19:21:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/31 19:21:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/31 19:21:12 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/31 19:21:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/31 19:21:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/31 19:19:23 | 003,902,190 | R--- | C] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/10/31 12:01:15 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:44:03 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:37:29 | 000,000,165 | ---- | C] () -- C:\WINDOWS\setup.iss
[2010/10/30 15:38:52 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/28 17:46:46 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/27 18:36:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 21:28:23 | 000,011,048 | ---- | C] () -- C:\My Documents\current event 4.docx
[2010/10/18 23:01:26 | 000,011,088 | ---- | C] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | C] () -- C:\My Documents\current event 2.docx
[2010/10/15 21:12:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/12 21:30:27 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/10 15:05:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 14:56:03 | 000,147,776 | ---- | C] () -- C:\My Documents\toms complete recruit movie.pds
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/05 13:13:44 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxcurl_CW.dll
[2009/08/05 13:13:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxjson_CW.dll
[2009/08/05 10:28:19 | 000,975,872 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2009/08/05 09:57:40 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2009/08/05 09:57:39 | 002,916,352 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_CW.dll
[2009/08/05 09:57:39 | 001,236,992 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_CW.dll
[2009/08/05 09:57:39 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_CW.dll
[2009/08/05 09:57:39 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_CW.dll
[2009/08/05 09:57:39 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_CW.dll
[2009/08/05 09:57:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_CW.dll
[2009/08/05 09:57:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_CW.dll
[2009/08/05 09:57:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_media_vc_CW.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/23 20:14:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 21:17:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 17:03:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/03/31 19:34:27 | 000,000,244 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/30 08:40:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/25 05:43:02 | 001,753,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/09/11 10:09:20 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/19 03:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 17:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL

========== LOP Check ==========

[2009/08/05 09:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2009/03/31 16:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/12 17:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/11/07 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/03/31 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/14 20:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/11/03 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/05 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\LimeWire
[2009/03/31 21:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2009/03/31 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Desktop Search
[2010/10/13 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >
[2010/11/07 16:26:46 | 000,036,864 | -H-- | M] () -- C:\Documents and Settings\Tom\ntuser.dat.LOG
[2010/11/07 16:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Desktop
[2010/11/07 16:09:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tom\Cookies
[2010/11/07 16:03:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/07 16:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\AskToolbar
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/07 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
[2010/11/05 22:25:25 | 000,496,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 22:25:25 | 000,092,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 22:25:24 | 000,600,112 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/05 22:21:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 22:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools Security
[2010/11/05 22:20:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tom\Application Data
[2010/11/05 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\LimeWire
[2010/11/05 22:20:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/05 22:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 21:58:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/11/03 21:55:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tom\Local Settings
[2010/11/03 21:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/03 21:29:39 | 003,902,190 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/11/03 21:28:13 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Tom\ntuser.dat
[2010/11/03 21:04:35 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 21:04:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Tom\Start Menu
[2010/11/03 21:04:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Tom\Favorites
[2010/11/03 21:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/11/03 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/03 21:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/11/03 21:03:48 | 008,858,200 | ---- | M] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:03:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom\ntuser.ini
[2010/11/03 20:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\PC Tools
[2010/11/03 20:00:01 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/11/03 19:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\PC Tools
[2010/11/03 19:57:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/11/03 19:57:18 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/02 20:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/02 20:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/02 20:39:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/11/02 20:38:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 22:10:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tom\Recent
[2010/10/31 12:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/10/31 12:01:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:58:13 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Tom\Desktop\QuickTimeInstaller.exe
[2010/10/31 11:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/31 11:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Java
[2010/10/31 11:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/31 11:52:29 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tom\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/31 11:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/31 11:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/31 11:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Adobe
[2010/10/31 11:51:11 | 012,675,272 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Tom\Desktop\AdobeAIRInstaller.exe
[2010/10/31 11:50:12 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Tom\Desktop\install_flash_player.exe
[2010/10/31 11:44:03 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2010/10/31 11:43:11 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:50 | 000,000,165 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/10/31 11:40:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tom\Application Data\Microsoft
[2010/10/31 11:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2010/10/31 11:37:02 | 003,220,488 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Tom\Desktop\WOT-bing-latest.exe
[2010/10/30 15:38:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/30 12:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/29 19:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Apple Computer
[2010/10/29 19:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Apple Computer
[2010/10/29 19:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/28 18:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/10/28 17:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/10/28 17:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/28 17:46:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/28 17:46:10 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2010/10/27 18:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 18:36:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/26 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/10/23 14:14:15 | 006,425,730 | -H-- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db
[2010/10/19 21:28:23 | 000,011,048 | ---- | M] () -- C:\My Documents\current event 4.docx
[2010/10/19 13:06:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\iTunes.lnk
[2010/10/18 23:01:26 | 000,011,088 | ---- | M] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | M] () -- C:\My Documents\current event 2.docx
[2010/10/16 08:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft
[2010/10/15 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/15 21:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/10/15 21:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/10/15 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Yahoo!
[2010/10/15 21:12:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/13 19:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/13 19:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/10/13 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/10/12 21:30:27 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/12 21:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/10/10 15:05:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 15:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2010/10/10 15:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/10/10 15:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\My Documents
[2010/10/10 14:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/10 14:57:11 | 136,767,488 | ---- | M] () -- C:\My Documents\Tom's Best Recruit Intro.mpg
[2010/10/10 14:57:11 | 1044,508,672 | ---- | M] () -- C:\My Documents\2010 Brophy Invite 9-25.mpg
[2010/10/10 14:56:06 | 000,147,776 | ---- | M] () -- C:\My Documents\toms complete recruit movie.pds
[2010/09/26 12:53:16 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/16 16:08:17 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/30 08:39:39 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tom\Application Data\desktop.ini
[2009/03/30 08:39:39 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 16:03:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 15:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
[2010/11/05 22:25:25 | 000,496,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 22:25:25 | 000,092,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 22:21:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 22:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 21:29:39 | 003,902,190 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2010/11/03 21:04:35 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/03 21:04:35 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IObit Freeware.url
[2010/11/03 21:03:48 | 008,858,200 | ---- | M] (IObit ) -- C:\Documents and Settings\Tom\Desktop\asc-setup.exe
[2010/11/03 20:00:19 | 000,800,850 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/03 20:00:01 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/03 19:57:18 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\sdsetup.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/02 20:39:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/02 20:39:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
[2010/11/02 20:38:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tom\Desktop\spybotsd162.exe
[2010/10/31 19:22:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/31 12:01:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/31 11:58:13 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Tom\Desktop\QuickTimeInstaller.exe
[2010/10/31 11:55:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/31 11:55:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/31 11:55:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/31 11:55:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/31 11:55:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/31 11:52:29 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tom\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/31 11:51:11 | 012,675,272 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Tom\Desktop\AdobeAIRInstaller.exe
[2010/10/31 11:50:12 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Tom\Desktop\install_flash_player.exe
[2010/10/31 11:44:03 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/31 11:43:11 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Tom\Desktop\PSISetup.exe
[2010/10/31 11:40:50 | 000,000,165 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/10/31 11:37:02 | 003,220,488 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Tom\Desktop\WOT-bing-latest.exe
[2010/10/30 15:38:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2010/10/30 14:02:52 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2010/10/30 13:50:16 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2010/10/30 13:45:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2010/10/30 13:45:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2010/10/30 12:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tom\Desktop\HijackThis.exe
[2010/10/29 19:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/28 17:46:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/28 17:46:10 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Tom\Desktop\SUPERAntiSpyware.exe
[2010/10/27 18:36:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 21:28:23 | 000,011,048 | ---- | M] () -- C:\My Documents\current event 4.docx
[2010/10/19 13:06:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\iTunes.lnk
[2010/10/18 23:01:26 | 000,011,088 | ---- | M] () -- C:\My Documents\currrrent event 3.docx
[2010/10/18 22:01:11 | 000,011,092 | ---- | M] () -- C:\My Documents\current event 2.docx
[2010/10/15 21:12:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\CCleaner.lnk
[2010/10/13 19:32:46 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 21:30:27 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/12 21:27:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\LimeWire 5.5.16.lnk
[2010/10/10 15:05:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/10 14:57:11 | 136,767,488 | ---- | M] () -- C:\My Documents\Tom's Best Recruit Intro.mpg
[2010/10/10 14:57:11 | 1044,508,672 | ---- | M] () -- C:\My Documents\2010 Brophy Invite 9-25.mpg
[2010/10/10 14:56:06 | 000,147,776 | ---- | M] () -- C:\My Documents\toms complete recruit movie.pds
[6 C:\My Documents\*.tmp files -> C:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2009/08/05 09:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2009/03/31 16:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/12 17:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/11/07 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/03/31 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/14 20:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AskToolbar
[2010/11/03 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IObit
[2010/11/05 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\LimeWire
[2009/03/31 21:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OfficeUpdate12
[2009/03/31 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Desktop Search
[2010/10/13 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2010/11/07 16:01:01 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 02:27:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >
OTL Extras logfile created on: 11/7/2010 4:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.24 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: TOM-LAPTOP | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ALTACPHOME_is1" = Net Nanny Parental Controls 5.5
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LimeWire" = LimeWire 5.5.16
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"Secunia PSI" = Secunia PSI
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 1:52:49 AM | Computer Name = TOM-LAPTOP | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\Documents and Settings\Tom\Local
Settings\Temp\0.7235449589826508.gif by: Manual scan. Action: Clean failed : Leave
Alone succeeded :

Error - 10/23/2010 1:55:21 AM | Computer Name = TOM-LAPTOP | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.FakeAV!gen39 in File: C:\Documents
and Settings\Tom\Local Settings\Temp\0.2066404171061953.exe by: Realtime Protection
scan. Action: Clean failed : Quarantine succeeded : Access denied

Error - 10/29/2010 10:19:16 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/29/2010 10:56:07 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/31/2010 1:43:49 AM | Computer Name = TOM-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/31/2010 1:43:50 AM | Computer Name = TOM-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/31/2010 3:31:25 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/31/2010 3:32:05 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module limewi~2.dll, version 5.1.0.1000, fault address 0x0005d09d.

Error - 10/31/2010 3:43:15 PM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module yt.dll, version 2008.7.28.1, fault address 0x00056d54.

Error - 11/6/2010 1:21:07 AM | Computer Name = TOM-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application luall.exe, version 1.63.12.0, faulting module
luall.exe, version 1.63.12.0, fault address 0x0001f3fb.

[ OSession Events ]
Error - 6/3/2009 12:53:47 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:00 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:07 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:16 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:54:55 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 12:55:08 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/8/2010 7:44:41 PM | Computer Name = TOM-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26419
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/5/2010 9:52:31 PM | Computer Name = TOM-LAPTOP | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:E9:5A:68. Network operations
on this system may be disrupted as a result.

Error - 10/6/2010 1:17:24 PM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.4 on
the Network Card with network address 001F3B91E375.

Error - 10/16/2010 11:41:23 AM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3B91E375. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 10/27/2010 8:19:46 PM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001F3B91E375 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/28/2010 1:21:11 AM | Computer Name = TOM-LAPTOP | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.9
with the system having network hardware address 00:25:4B:20:F9:A1. Network operations
on this system may be disrupted as a result.

Error - 10/31/2010 7:39:32 PM | Computer Name = TOM-LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001F3B91E375 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 09 November 2010 - 04:25 AM

Hi there, the RKU link seems down, so lets skip that for now.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 09 November 2010 - 10:38 AM

Here is the combofix report

ComboFix 10-11-07.A2 - Tom 11/09/2010 8:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1995 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-04 04:04 . 2010-11-04 04:04 -------- d-----w- c:\documents and settings\Tom\Application Data\IObit
2010-11-04 04:04 . 2010-11-04 04:04 -------- d-----w- c:\program files\IObit
2010-11-04 03:00 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-11-04 03:00 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-11-04 03:00 . 2010-10-05 18:10 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-04 03:00 . 2010-09-30 15:58 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-04 03:00 . 2010-08-18 20:51 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-04 02:59 . 2010-10-05 18:11 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-04 02:59 . 2010-09-03 19:28 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-04 02:59 . 2010-08-11 00:58 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-11-04 02:59 . 2010-08-27 16:26 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-04 02:59 . 2010-11-04 03:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-04 02:59 . 2010-11-09 13:19 -------- d-----w- c:\program files\PC Tools Security
2010-11-04 02:59 . 2010-11-04 02:59 -------- d-----w- c:\documents and settings\Tom\Application Data\PC Tools
2010-11-04 02:57 . 2010-11-04 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-03 03:39 . 2010-11-03 03:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-03 03:39 . 2010-11-03 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-31 19:01 . 2010-10-31 19:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-31 19:00 . 2010-10-31 19:01 -------- d-----w- c:\program files\QuickTime
2010-10-31 18:56 . 2010-10-31 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-10-31 18:56 . 2010-10-31 18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 18:56 . 2010-10-31 18:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 18:55 . 2010-10-31 18:55 -------- d-----w- c:\program files\Java
2010-10-31 18:43 . 2010-10-31 18:43 -------- d-----w- c:\program files\Secunia
2010-10-31 18:40 . 2010-10-31 18:40 -------- d-----w- c:\program files\WOT
2010-10-29 00:46 . 2010-10-29 00:46 -------- d-----w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com
2010-10-29 00:46 . 2010-10-29 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-29 00:46 . 2010-10-29 00:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-28 01:36 . 2010-10-28 01:36 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2010-10-28 01:35 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 01:35 . 2010-10-28 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-28 01:35 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 01:35 . 2010-10-28 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 06:07 . 2010-10-27 06:07 -------- d-----w- c:\documents and settings\Tom\Application Data\AskToolbar
2010-10-16 04:12 . 2010-10-16 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-10-16 04:12 . 2010-10-16 04:12 -------- d-----w- c:\documents and settings\Tom\Application Data\Yahoo!
2010-10-16 04:12 . 2010-10-16 04:12 -------- d-----w- c:\program files\Yahoo!
2010-10-16 04:12 . 2010-10-16 04:12 -------- d-----w- c:\program files\CCleaner
2010-10-14 02:23 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 02:22 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 20:38 . 2010-10-13 20:38 -------- d-----w- c:\documents and settings\Tom\Application Data\Windows Search
2010-10-13 04:34 . 2010-10-13 04:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-29 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-29 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2002-08-29 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2002-08-29 11:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2002-08-29 11:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2002-08-29 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2002-08-29 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-02 23:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2002-08-29 11:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2002-08-29 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 23:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-01 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-30 638976]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\qsb.exe" [2009-04-01 68592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-09-24 73728]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2010-07-03 353600]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/3/2010 8:00 PM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/3/2010 8:00 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/3/2010 8:00 PM 656320]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 3:24 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [8/5/2009 9:57 AM 2100544]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/3/2010 7:59 PM 366840]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/5/2009 6:16 PM 1201640]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 7:05 AM 14904]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVAP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-11-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 23:12]

2010-11-09 c:\windows\Tasks\User_Feed_Synchronization-{5CE893F2-1E70-49B2-A05B-DAEA00DECB0F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://safe-cart.com/pcdriversheadqu/.driver-detective/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\cwalsp.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 08:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NavLogon.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\cwalsp.dll
c:\windows\system32\wxbase28u_vc_CW.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(5808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-09 08:31:23
ComboFix-quarantined-files.txt 2010-11-09 15:31
ComboFix2.txt 2010-11-04 05:07
ComboFix3.txt 2010-11-01 02:30

Pre-Run: 284,651,712,512 bytes free
Post-Run: 284,869,869,568 bytes free

- - End Of File - - EA48C7D68D759EF45D41471446DA27A8

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 09 November 2010 - 10:53 AM

If you still have the redirect issue at this point, please reset your router.

If you have trouble doing so, let me know what type of router your have (or contact your ISP to ask how to reset it).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 09 November 2010 - 11:09 AM

So the router is causing this? I thought it might since all computers on this router are having the same redirect issues. I have updated the router and tried resetting it with no improved results. Router is a Netgear WNDR3700 and will try to reset again.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 09 November 2010 - 11:18 AM

See here: ftp://downloads.netgear.com/files/WNDR3700/Documentation/SM/WNDR3700_SM_04JUN2010.pdf

Scroll down to: Restoring the Default Password and Configuration
Settings

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 14 November 2010 - 06:06 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 15 November 2010 - 07:43 PM

yes, I reset the modem to factory settings and still have the problem.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 16 November 2010 - 05:35 AM

Please try this:

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.
On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.


Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:
@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0
Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click tast.bat on the desktop.
A notepad opens, copy and paste the content it (log1.txt) to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 17 November 2010 - 02:39 PM

Here is the log report:

Windows IP Configuration



Host Name . . . . . . . . . . . . : tom-laptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-1E-68-64-48-E2



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-1F-3B-91-E3-75

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, November 17, 2010 1:14:40 AM

Lease Expires . . . . . . . . . . : Thursday, November 18, 2010 1:14:40 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.147, 72.14.204.99, 72.14.204.103, 72.14.204.104

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 69.147.125.65, 209.191.122.70
67.195.160.76



Pinging google.com [72.14.204.99] with 32 bytes of data:



Reply from 72.14.204.99: bytes=32 time=87ms TTL=56

Reply from 72.14.204.99: bytes=32 time=98ms TTL=56



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 98ms, Average = 92ms



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:



Reply from 69.147.125.65: bytes=32 time=178ms TTL=56

Reply from 69.147.125.65: bytes=32 time=93ms TTL=56



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 93ms, Maximum = 178ms, Average = 135ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 68 64 48 e2 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 1f 3b 91 e3 75 ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 10
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 10
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 10
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.1.2 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 PM

Posted 17 November 2010 - 02:58 PM

Do all computers connecting to this router still have the problem? What is your ISP (internet service provider)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 wahlcoman

wahlcoman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 17 November 2010 - 06:01 PM

yes all computers connected to the router have the same problem. ISP is Cox.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users