Jump to content

Help needed - logs attached


Recommended Posts

My XP pro sp3 machine became infected with something that would not allow any programs to open. The only thing that would open was some fake anti-virus program asking if I wanted to activate it.

I was able to boot into save mode, revert back a couple days via system restore, update and run MBAM, and clean a couple things. HOWEVER, now XP appears locked in some alternate

Attach.txt

Edited by Maurice Naggar
Logs placed In-Line
Link to post
Share on other sites

DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86

Run by JimW at 0:45:10.64 on Sun 05/23/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1196 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\AtService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\wuauclt.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

c:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

C:\Documents and Settings\jimw\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Steiner Leisure, Inc.

uStart Page = hxxp://finance.yahoo.com/p;_ylt=AlpcFCPWz94ZmsBUj0XWzty7YWsA;_ylu=X3oDMTB0bmgzNGtjBHBvcwMzMgRzZWMDdG9wTmF

2BHNsawNzdGVpbmVy?k=pf_2

uDefault_Page_URL = hxxp://www.steinerleisure.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TpShocks] TpShocks.exe

mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [<NO NAME>]

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Notify: ACNotify - ACNotify.dll

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: igfxcui - igfxdev.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli ACGina

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-22 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-22 64160]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-22 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-25 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-16 50704]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-9-30 230928]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-9-30 36368]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-11-25 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-25 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2008-2-4 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-2-4 689416]

=============== Created Last 30 ================

2010-05-23 04:40:05 1024 ----a-w- C:\.rnd

2010-05-23 04:37:19 0 ----a-w- c:\documents and settings\jimw\defogger_reenable

2010-05-22 22:23:07 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-22 20:23:02 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-05-22 20:21:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2010-05-22 20:21:28 0 d-----w- c:\program files\Lavasoft

2010-05-22 17:30:20 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-05-22 17:30:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-05-22 14:47:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-22 14:47:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-22 14:28:44 0 d-----w- c:\windows\system32\wbem\Repository

2010-05-22 06:10:29 0 d-----w- c:\docume~1\jimw\applic~1\Malwarebytes

2010-05-22 06:10:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-22 06:10:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-20 00:17:53 0 d-----w- c:\program files\Adobe(2)

2010-04-29 20:00:02 0 d-----w- c:\docume~1\jimw\applic~1\GARMIN

2010-04-29 19:59:12 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys

2010-04-29 19:59:12 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys

2010-04-29 19:59:12 0 d-----w- c:\program files\Garmin

2010-04-27 19:23:18 26 ----a-w- C:\register.js

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-26 00:11:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2010-02-17 07:01:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010021620100217\index.dat

============= FINISH: 0:46:23.75 ===============

Link to post
Share on other sites

Hello and welcome to MalwareBytes forums.

Please start with the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download & SAVE OTL by OldTimer to your desktop from one of the following links: Link1 or

Link2

  • Please double-click OTL.com otlDesktopIcon.png to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 4

  • Please double-click OTL.com otlDesktopIcon.png to run it.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL MovedFiles log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

OTL MOVED FILES LOG

All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\RECYCLER\S-1-5-21-318950029-3384829000-1021126697-500 folder moved successfully.

C:\RECYCLER\S-1-5-21-2232656509-361406962-1938170613-7042 folder moved successfully.

C:\RECYCLER\S-1-5-21-2232656509-361406962-1938170613-2940 folder moved successfully.

C:\RECYCLER\S-1-5-21-157072676-3322026471-217720490-1008 folder moved successfully.

C:\RECYCLER folder moved successfully.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 14457793 bytes

->Temporary Internet Files folder emptied: 204952 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 321 bytes

User: All Users

User: Blas

->Temp folder emptied: 145386279 bytes

->Temporary Internet Files folder emptied: 19596932 bytes

->Java cache emptied: 6438765 bytes

->Flash cache emptied: 36495 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 321 bytes

User: jimw

->Temp folder emptied: 4773895 bytes

->Temporary Internet Files folder emptied: 174816442 bytes

->Java cache emptied: 232758 bytes

->Flash cache emptied: 51735 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 28589561 bytes

->Flash cache emptied: 5920 bytes

User: super_bp

->Temp folder emptied: 3939 bytes

->Temporary Internet Files folder emptied: 79158388 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 571 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 4648465 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 31137170 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10954598 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 497.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.5.0 log created on 05232010_174026

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL LOG

OTL logfile created on: 5/23/2010 9:22:07 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\jimw\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 292.37 Gb Total Space | 12.68 Gb Free Space | 4.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEG-JIMW

Current User Name: JimW

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/23 17:31:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

PRC - [2010/05/22 16:22:22 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/05/22 16:22:20 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/02/03 14:38:38 | 011,136,360 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

PRC - [2010/02/02 11:48:08 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2010/02/02 11:46:04 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2009/12/16 02:12:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

PRC - [2009/12/11 13:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2009/12/10 23:34:16 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2009/12/10 23:34:14 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2009/12/10 23:34:12 | 000,230,760 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2009/12/10 23:34:10 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2009/12/10 23:10:20 | 000,167,936 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2009/11/19 22:44:34 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2009/09/08 07:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe

PRC - [2009/08/14 12:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

PRC - [2009/08/14 12:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2009/08/14 12:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2009/08/04 05:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2009/07/23 04:11:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

PRC - [2009/07/23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE

PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2009/07/10 21:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2009/05/11 03:43:48 | 000,172,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe

PRC - [2009/04/02 20:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2009/03/19 06:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2009/03/19 05:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe

PRC - [2009/03/19 05:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe

PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2009/03/12 22:12:52 | 000,172,032 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

PRC - [2009/03/05 02:21:46 | 003,093,816 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

PRC - [2009/03/05 01:57:08 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

PRC - [2009/03/05 01:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2008/11/24 19:42:48 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/11/24 19:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2008/11/24 19:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

PRC - [2008/11/24 19:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2008/11/21 22:57:44 | 000,960,528 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2008/11/21 22:48:02 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2008/11/21 22:47:52 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2008/11/21 22:20:22 | 004,352,832 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2008/10/07 14:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

========== Modules (SafeList) ==========

MOD - [2010/05/23 17:31:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

MOD - [2009/08/14 12:47:02 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/05/22 16:22:20 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/02/02 11:48:08 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)

SRV - [2010/02/02 11:46:04 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)

SRV - [2009/12/16 02:12:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2009/12/16 02:12:00 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2009/12/10 23:34:12 | 000,230,760 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2009/12/10 23:34:10 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009/10/09 13:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2009/08/14 12:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2009/07/15 21:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2009/07/15 18:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)

SRV - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2009/07/10 21:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2009/03/19 06:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2009/03/19 05:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)

SRV - [2009/03/19 05:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)

SRV - [2009/03/19 05:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)

SRV - [2009/03/19 05:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)

SRV - [2009/03/05 01:57:08 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)

SRV - [2009/03/05 01:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2008/11/24 19:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2008/11/24 19:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2008/11/24 19:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2008/11/21 22:47:52 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)

SRV - [2008/04/25 12:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

========== Driver Services (SafeList) ==========

DRV - [2010/05/22 16:22:40 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/02/24 12:11:48 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2010/02/24 12:11:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/02/24 12:11:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/02/24 12:11:36 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/12/16 02:12:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)

DRV - [2009/12/16 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)

DRV - [2009/11/25 20:23:28 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)

DRV - [2009/11/25 20:23:07 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)

DRV - [2009/11/19 22:45:08 | 000,230,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2009/11/17 20:02:46 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2009/11/17 20:02:44 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2009/10/09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2009/10/09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2009/10/06 09:54:20 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)

DRV - [2009/09/15 13:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/08/10 02:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2009/08/06 16:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2009/08/04 05:32:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2009/07/15 21:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2009/07/09 13:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2009/07/06 18:11:50 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2009/07/06 18:11:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2009/07/06 18:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2009/06/30 12:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2009/06/30 12:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2009/06/30 12:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2009/06/21 10:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2009/04/30 22:52:58 | 006,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2009/03/19 22:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2009/03/19 06:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2008/11/25 21:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2008/09/25 04:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2008/09/19 03:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®

DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)

DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/03/26 00:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)

DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2008/02/22 19:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007/09/06 16:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)

DRV - [2007/06/18 20:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2007/06/18 20:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/06/18 20:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/06/18 20:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/06/18 20:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/06/18 20:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/06/18 20:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/06/18 20:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/03/12 05:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2007/02/09 16:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/09 00:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.steinerleisure.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/p;_ylt=AlpcFCPWz9...dGVpbmVy?k=pf_2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/05/22 14:46:54 | 000,395,292 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 13652 more lines...

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()

O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)

O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe File not found

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://edctrend.steiner.sll.com:4343/offic...ll/WinNTChk.cab (ObjWinNTCheck Class)

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://edctrend.steiner.sll.com:4343/offic...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = steiner.sll.com

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/21 18:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 17:43:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/23 17:40:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/23 17:31:13 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

[2010/05/23 17:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/23 17:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/05/23 17:26:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\jimw\Desktop\erunt-setup.exe

[2010/05/22 22:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/22 22:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/05/22 16:23:02 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/05/22 16:21:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2010/05/22 16:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/05/22 16:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/05/22 13:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/22 13:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/05/22 10:47:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/22 10:47:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/22 10:46:34 | 003,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jimw\Desktop\mbam-setup.exe

[2010/05/22 10:28:19 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/05/22 02:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/22 02:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimw\Application Data\Malwarebytes

[2010/05/22 02:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/22 02:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/19 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(2)

[2010/05/07 15:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimw\My Documents\pre backup

[2010/04/29 16:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimw\Application Data\GARMIN

[2010/04/29 15:59:12 | 000,018,944 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\SiLib.sys

[2010/04/29 15:59:12 | 000,014,848 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\DSI_SiUSBXp_3_1.sys

[2010/04/29 15:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin

[2010/04/29 15:58:20 | 012,098,416 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\jimw\My Documents\ANTAgent_229.exe

[2009/11/25 20:06:05 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/11/25 20:06:02 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/05/23 21:20:58 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010/05/23 17:45:22 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/23 17:44:50 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010/05/23 17:44:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/23 17:44:41 | 2038,460,416 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/23 17:44:07 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\jimw\ntuser.dat

[2010/05/23 17:44:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/23 17:44:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jimw\ntuser.ini

[2010/05/23 17:31:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

[2010/05/23 17:26:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\jimw\Desktop\erunt-setup.exe

[2010/05/23 17:22:28 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\jimw\.rnd

[2010/05/23 10:55:02 | 002,799,556 | -H-- | M] () -- C:\Documents and Settings\jimw\Local Settings\Application Data\IconCache.db

[2010/05/23 10:41:52 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\jimw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/23 06:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2010/05/23 00:44:25 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jimw\Desktop\ixcgx0dr.exe

[2010/05/23 00:44:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jimw\Desktop\dds.scr

[2010/05/23 00:37:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jimw\defogger_reenable

[2010/05/23 00:36:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jimw\Desktop\Defogger.exe

[2010/05/22 23:43:49 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\mbam2.doc

[2010/05/22 18:24:14 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\mbam.doc

[2010/05/22 16:23:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/22 16:22:57 | 000,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/05/22 16:22:40 | 000,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/05/22 16:21:31 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/05/22 14:46:54 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/21 23:01:57 | 000,097,298 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\v6.JPG

[2010/05/19 22:48:52 | 039,858,492 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\HSRS_06-30-04_CF.mp3

[2010/05/19 22:38:23 | 567,036,162 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - FOX Pilot - Episode 01 [WDM].avi

[2010/05/19 22:36:12 | 236,731,166 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - Channel 9 Show - Episode 01 [WDM].avi

[2010/05/19 22:35:37 | 082,546,360 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Bubba Raw - Jesse Jane & Teagan Presley - 10-16-06 [WDM].avi

[2010/05/19 10:14:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\ROI calc.xls

[2010/05/18 15:46:54 | 000,122,594 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\345_54_deck_Lawn_Tractor.pdf

[2010/05/18 09:25:39 | 000,066,933 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\deere 92_93.pdf

[2010/05/18 02:16:16 | 000,016,313 | ---- | M] () -- C:\WINDOWS\cfgall.ini

[2010/05/13 16:27:19 | 000,527,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/13 16:27:19 | 000,455,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/13 16:27:19 | 000,075,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/13 15:29:30 | 005,098,496 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\piggy chronicles.doc

[2010/05/11 11:41:49 | 000,260,842 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\May exp report.pdf

[2010/05/10 15:43:12 | 000,187,011 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\12193 fairway.pdf

[2010/05/10 12:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2010/05/04 16:57:51 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\keys boat rental.xls

[2010/05/03 17:28:53 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\music.xls

[2010/05/03 16:26:09 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Apple v2.xls

[2010/04/30 14:08:00 | 000,124,855 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\7241 Venetian - Wharton POF.pdf

[2010/04/29 16:45:30 | 000,072,936 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\W-9.pdf

[2010/04/29 15:58:20 | 012,098,416 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\jimw\My Documents\ANTAgent_229.exe

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/27 15:44:50 | 000,268,932 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Wharton credit app-financial stmt.pdf

[2010/04/27 15:23:18 | 000,000,026 | ---- | M] () -- C:\register.js

[2010/04/27 15:11:39 | 000,083,176 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\doc20100427141312.pdf

[2010/04/27 14:20:15 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Personal Financial Statement 4-27-10.xls

[2010/04/27 14:17:14 | 000,083,176 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\doc20100427131846.pdf

[2010/04/27 11:18:02 | 001,210,735 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Wharton, James & Maria 09 1040.pdf

[2010/04/25 13:26:18 | 029,330,111 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\CDNN2010-2.pdf

[2010/04/23 21:42:43 | 000,450,349 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\12193 Fairway Ave Contract.PDF

========== Files Created - No Company Name ==========

[2010/05/23 17:20:39 | 000,001,024 | ---- | C] () -- C:\.rnd

[2010/05/23 00:44:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jimw\Desktop\ixcgx0dr.exe

[2010/05/23 00:44:01 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jimw\Desktop\dds.scr

[2010/05/23 00:37:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jimw\defogger_reenable

[2010/05/23 00:36:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jimw\Desktop\Defogger.exe

[2010/05/22 23:43:48 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\mbam2.doc

[2010/05/22 23:32:35 | 2038,460,416 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/22 18:24:13 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\mbam.doc

[2010/05/22 18:23:07 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/05/22 16:23:18 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/22 16:21:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/05/21 23:01:56 | 000,097,298 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\v6.JPG

[2010/05/19 22:48:51 | 039,858,492 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\HSRS_06-30-04_CF.mp3

[2010/05/19 22:36:21 | 567,036,162 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - FOX Pilot - Episode 01 [WDM].avi

[2010/05/19 22:36:02 | 236,731,166 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - Channel 9 Show - Episode 01 [WDM].avi

[2010/05/19 22:35:30 | 082,546,360 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Bubba Raw - Jesse Jane & Teagan Presley - 10-16-06 [WDM].avi

[2010/05/19 20:18:21 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/19 10:50:57 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\jimw\ntuser.dat

[2010/05/18 15:46:54 | 000,122,594 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\345_54_deck_Lawn_Tractor.pdf

[2010/05/18 09:25:39 | 000,066,933 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\deere 92_93.pdf

[2010/05/11 11:41:49 | 000,260,842 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\May exp report.pdf

[2010/05/10 15:43:12 | 000,187,011 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\12193 fairway.pdf

[2010/05/10 12:37:57 | 005,098,496 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\piggy chronicles.doc

[2010/05/04 16:57:51 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\keys boat rental.xls

[2010/05/03 17:28:53 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\music.xls

[2010/04/30 14:08:00 | 000,124,855 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\7241 Venetian - Wharton POF.pdf

[2010/04/29 16:45:30 | 000,072,936 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\W-9.pdf

[2010/04/27 15:44:50 | 000,268,932 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Wharton credit app-financial stmt.pdf

[2010/04/27 15:23:18 | 000,000,026 | ---- | C] () -- C:\register.js

[2010/04/27 15:11:39 | 000,083,176 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\doc20100427141312.pdf

[2010/04/27 14:17:14 | 000,083,176 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\doc20100427131846.pdf

[2010/04/27 11:18:02 | 001,210,735 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Wharton, James & Maria 09 1040.pdf

[2010/04/26 19:27:05 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Personal Financial Statement 4-27-10.xls

[2010/04/25 13:26:17 | 029,330,111 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\CDNN2010-2.pdf

[2010/04/23 21:42:41 | 000,450,349 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\12193 Fairway Ave Contract.PDF

[2010/02/28 22:47:42 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/02/28 22:47:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/02/28 22:47:40 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/02/28 22:47:40 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/02/28 22:47:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/02/28 22:47:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/02/28 22:47:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/02/23 17:13:03 | 000,016,313 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2010/02/22 19:42:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/11/25 20:43:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/11/25 20:22:19 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2009/11/25 20:21:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009/11/25 20:17:35 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2009/11/25 20:17:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/11/25 20:14:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/11/25 20:14:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/11/25 20:14:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/11/25 20:14:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/11/25 20:14:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/11/25 20:14:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/11/25 20:06:05 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/11/25 20:06:05 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/11/25 20:06:05 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2009/11/25 20:04:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2009/08/14 12:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/07/22 11:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/02/24 12:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2009/11/25 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2010/02/22 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/11/25 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2010/05/22 22:50:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2010/02/24 13:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\Acronis

[2009/11/25 20:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\CachedFiles

[2009/11/25 20:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\Downloaded Installations

[2010/04/29 16:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\GARMIN

[2010/03/09 15:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\ICAClient

[2010/02/28 14:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\InterVideo

[2009/11/25 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\Lenovo

[2010/05/22 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\uTorrent

[2010/05/22 16:23:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/05/10 12:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/05/23 21:20:58 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[2010/05/23 06:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

EXTRAS LOG

OTL Extras logfile created on: 5/23/2010 9:22:07 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\jimw\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 292.37 Gb Total Space | 12.68 Gb Free Space | 4.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEG-JIMW

Current User Name: JimW

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"44668:TCP" = 44668:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"44668:TCP" = 44668:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

First make sure to turn OFF Ad-Watch. And temporarily, turn off your Antivirus program.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Copy and Paste into a reply the contents of C:\Combofix.txt

Link to post
Share on other sites

A couple issues with the combofix run:

- I thought I had the antivirus disabled as the status in the system tray said "offline" but combofix still said it was active. So as it stands I cannot disable the antivirus on the infected machine.

- I am unable to connect to the internet on the infected machine since your first reply, so I was unable to install the recovery console as combofix said an active internet connection was needed.

In any event, here is the log from the run:

ComboFix 10-05-23.08 - JimW 05/24/2010 14:27:35.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1355 [GMT -4:00]

Running from: c:\documents and settings\jimw\Desktop\Combo-Fix.exe

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\Thumbs.db

----- BITS: Possible infected sites -----

hxxp://edcmgmt03

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected

Restored copy from - Kitty had a snack :blink:

.

((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))

.

2010-05-23 21:40 . 2010-05-23 21:40 -------- d-----w- C:\_OTL

2010-05-23 21:28 . 2010-05-23 21:28 -------- d-----w- c:\program files\ERUNT

2010-05-23 02:56 . 2010-05-23 02:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-05-22 22:23 . 2010-05-22 20:22 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-22 20:23 . 2010-05-22 20:22 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-05-22 20:21 . 2010-05-23 02:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2010-05-22 20:21 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

2010-05-22 20:21 . 2010-05-23 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-05-22 20:21 . 2010-05-22 20:21 -------- d-----w- c:\program files\Lavasoft

2010-05-22 17:30 . 2010-05-23 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-22 17:30 . 2010-05-23 02:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-05-22 14:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-22 14:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-22 14:46 . 2010-05-22 14:46 503808 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16254add-n\msvcp71.dll

2010-05-22 14:46 . 2010-05-22 14:46 499712 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16254add-n\jmc.dll

2010-05-22 14:46 . 2010-05-22 14:46 348160 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16254add-n\msvcr71.dll

2010-05-22 14:46 . 2010-05-22 14:46 61440 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-277d2c7a-n\decora-sse.dll

2010-05-22 14:46 . 2010-05-22 14:46 12800 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-277d2c7a-n\decora-d3d.dll

2010-05-22 14:28 . 2010-05-22 14:28 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-22 06:10 . 2010-05-22 06:10 -------- d-----w- c:\documents and settings\jimw\Application Data\Malwarebytes

2010-05-22 06:10 . 2010-05-22 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-22 06:10 . 2010-05-22 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-20 00:17 . 2010-05-23 02:50 -------- d-----w- c:\program files\Adobe(2)

2010-04-29 20:00 . 2010-04-29 20:00 -------- d-----w- c:\documents and settings\jimw\Application Data\GARMIN

2010-04-29 19:59 . 2010-04-29 19:59 -------- d-----w- c:\program files\Garmin

2010-04-29 19:59 . 2007-09-06 20:53 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys

2010-04-29 19:59 . 2007-09-06 20:53 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-23 02:50 . 2009-11-26 00:13 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-22 14:28 . 2010-03-16 01:14 -------- d-----w- c:\documents and settings\jimw\Application Data\uTorrent

2010-04-29 19:59 . 2009-11-26 00:11 -------- d-----w- c:\program files\DIFX

2010-03-10 06:15 . 2008-07-21 22:50 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-02 22:52 . 2010-03-02 22:52 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-28 19:45 . 2010-02-28 19:45 503808 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-196fe5b9-n\msvcp71.dll

2010-02-28 19:45 . 2010-02-28 19:45 499712 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-196fe5b9-n\jmc.dll

2010-02-28 19:45 . 2010-02-28 19:45 348160 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-196fe5b9-n\msvcr71.dll

2010-02-28 19:45 . 2010-02-28 19:45 61440 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ace40fe-n\decora-sse.dll

2010-02-28 19:45 . 2010-02-28 19:45 12800 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ace40fe-n\decora-d3d.dll

2010-02-25 06:24 . 2008-07-21 22:50 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 18:52 . 2010-02-22 23:03 606184 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-02-24 16:11 . 2010-02-24 16:11 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys

2010-02-24 16:11 . 2010-02-24 16:11 540000 ----a-w- c:\windows\system32\drivers\timntr.sys

2010-02-24 16:11 . 2010-02-24 16:11 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-02-24 16:11 . 2010-02-24 16:11 134272 ----a-w- c:\windows\system32\drivers\snman380.sys

2010-02-24 15:28 . 2010-02-24 15:27 83904 ----a-w- c:\documents and settings\jimw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-24 13:11 . 2008-07-21 22:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2010-02-03 11136360]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-20 1594664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-13 16384]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 431464]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-11 181608]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-05-22 524632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-22 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2009-03-19 09:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\1\0]

"Script"=Accounting.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\2\0]

"Script"=SMS-Public.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44668:TCP"= 44668:TCP:Trend Micro OfficeScan Listener

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2/22/2010 6:57 PM 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/22/2010 4:23 PM 64160]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 1:10 PM 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 4:15 AM 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 5:48 AM 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/22/2010 6:57 PM 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 5:53 AM 98304]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/25/2009 8:21 PM 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/16/2010 9:43 AM 50704]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/30/2009 3:38 PM 230928]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/30/2009 3:37 PM 36368]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 10:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 7:34 PM 520192]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [11/25/2009 8:11 PM 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/25/2009 7:49 PM 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 7:54 PM 37312]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 10:21 PM 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 9:50 PM 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 5:52 AM 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 5:55 AM 118784]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 12:15 PM 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2/4/2008 4:00 PM 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/4/2008 4:00 PM 689416]

.

Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:22]

2010-05-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-05-24 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-26 06:12]

2010-05-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://finance.yahoo.com/p;_ylt=AlpcFCPWz94ZmsBUj0XWzty7YWsA;_ylu=X3oDMTB0bmgzNGtjBHBvcwMzMgRzZWMDdG9wTmF

2BHNsawNzdGVpbmVy?k=pf_2

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-tsnp2uvc - c:\windows\tsnp2uvc.exe

Notify-ACNotify - ACNotify.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-24 14:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)

c:\windows\system32\ATGinaHook.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\FpWinLogonNp.dll

c:\windows\system32\AFSSClientLib.dll

c:\windows\System32\ntlanman.dll

- - - - - - - > 'explorer.exe'(4112)

c:\windows\system32\WININET.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\system32\TpKmpSVC.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\Trend Micro\BM\TMBMSRV.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxext.exe

c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

.

**************************************************************************

.

Completion time: 2010-05-24 14:40:06 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-24 18:40

Pre-Run: 14,430,720,000 bytes free

Post-Run: 14,284,996,608 bytes free

- - End Of File - - 0CF020BE4B7A38C8411A192877DA67D8

Link to post
Share on other sites

Right click on the Ad-Watch icon in the system tray.

At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it.

Automatic: Suspicious activity will be blocked automatically.

Uncheck both of those boxes.

More important:

Your logs showed some peer-to-peer filesharing apps, like uTorrent. I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

You must de-install uTorrent before we get going, and then restart the system fresh.

And then cofirm that you have de-installed.

Link to post
Share on other sites

utorrent is now uninstalled.

When I right click on Ad Aware in the sys tray, I see no check boxes for Ad Watch. I do see an item for "disable ad watch live" and have done that. Is there something else in the ad aware settings that I need to change?

Link to post
Share on other sites

You did the right thing on turning off Ad-Watch. And I do not want a new run of Combofix.

Please do the following:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

Java security maintenance:

javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 20 from Sun Microsystems Inc.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Re-enable your antivirus app.

Reply with copy of the latest MBAM log

and the ESET scan log

and tell me, How is your system now ?

Link to post
Share on other sites

Everything seems better, thanks for all your help.

The ESET scan didn't save a log in the directory you specified and I searched my c drive for a "log.txt" file with no luck. The scan completed successfully though and showed no threats detected.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4140

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/24/2010 11:50:36 PM

mbam-log-2010-05-24 (23-50-36).txt

Scan type: Quick scan

Objects scanned: 147470

Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Very good. You've done well.

If you have a problem with these steps, or something does not quite work here, do let me know.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

De-install also ESET Online

Exit Control Panel.

Get latest Adobe Reader version 9.3

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it combo-fix icon_exclaim.gif), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the RUN box that opens, type or copy/paste
    Combo-Fix /uninstall
    and then click OK.

  • Please double-click OTL.com otlDesktopIcon.png to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.