
Help needed - logs attached



My XP pro sp3 machine became infected with something that would not allow any programs to open. The only thing that would open was some fake anti-virus program asking if I wanted to activate it.

I was able to boot into Safe Mode, revert back a couple days via System Restore, update and run MBAM, and clean a couple things. HOWEVER, now XP appears locked in some alternate

Attach.txt

Edited by Maurice Naggar
Logs placed In-Line

DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86

Run by JimW at 0:45:10.64 on Sun 05/23/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1196 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\AtService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\wuauclt.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

c:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

C:\Documents and Settings\jimw\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Steiner Leisure, Inc.

uStart Page = hxxp://finance.yahoo.com/p;_ylt=AlpcFCPWz94ZmsBUj0XWzty7YWsA;_ylu=X3oDMTB0bmgzNGtjBHBvcwMzMgRzZWMDdG9wTmF2BHNsawNzdGVpbmVy?k=pf_2

uDefault_Page_URL = hxxp://www.steinerleisure.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TpShocks] TpShocks.exe

mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [<NO NAME>]

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Notify: ACNotify - ACNotify.dll

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: igfxcui - igfxdev.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli ACGina

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-22 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-22 64160]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-22 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-25 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-16 50704]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-9-30 230928]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-9-30 36368]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-11-25 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-25 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2008-2-4 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-2-4 689416]

=============== Created Last 30 ================

2010-05-23 04:40:05 1024 ----a-w- C:\.rnd

2010-05-23 04:37:19 0 ----a-w- c:\documents and settings\jimw\defogger_reenable

2010-05-22 22:23:07 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-22 20:23:02 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-05-22 20:21:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2010-05-22 20:21:28 0 d-----w- c:\program files\Lavasoft

2010-05-22 17:30:20 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-05-22 17:30:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-05-22 14:47:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-22 14:47:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-22 14:28:44 0 d-----w- c:\windows\system32\wbem\Repository

2010-05-22 06:10:29 0 d-----w- c:\docume~1\jimw\applic~1\Malwarebytes

2010-05-22 06:10:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-22 06:10:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-20 00:17:53 0 d-----w- c:\program files\Adobe(2)

2010-04-29 20:00:02 0 d-----w- c:\docume~1\jimw\applic~1\GARMIN

2010-04-29 19:59:12 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys

2010-04-29 19:59:12 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys

2010-04-29 19:59:12 0 d-----w- c:\program files\Garmin

2010-04-27 19:23:18 26 ----a-w- C:\register.js

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-26 00:11:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2010-02-17 07:01:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010021620100217\index.dat

============= FINISH: 0:46:23.75 ===============

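The DDS log above is what the helpers in this thread read by eye. As an added example (not part of the thread, and not code from the DDS or OTL tools), here is a small Python triage script that parses the "Pseudo HJT Report" section format shown in that log and flags the kinds of entries a reviewer usually looks at first: Run values with no command, Run values that launch a bare file name (resolved through the PATH search order, so the copy that actually runs should be confirmed), programs sitting directly under the Windows folder rather than a product folder, and Hosts entries that point real sites at loopback. The sample input is constructed from a handful of lines copied from the log above; the function names (`hjt_lines`, `parse_autoruns`, `exe_path`, `triage`) and the rule labels are my own. A finding is a prompt to check publisher and location, not a verdict that the entry is malicious.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a handful of lines copied from the DDS "Pseudo HJT
# Report" section above, enough to exercise each rule below.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://finance.yahoo.com/p
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [TpShocks] TpShocks.exe
mRun: [<NO NAME>]
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-22 64160]
"""

# DDS prefixes: u = current-user hive (HKCU), m = machine hive (HKLM),
# d = default-user hive; "Once" marks the RunOnce key.
AUTORUN_RE = re.compile(r"^([umd])Run(Once)?:\s*\[(.*?)\]\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# First drive-letter path ending in an executable extension inside a command line.
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|com|scr|dll|pif|bat))', re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def hjt_lines(text: str) -> List[str]:
    """Return the non-empty lines of the Pseudo HJT Report section only."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("="):            # section banner
            inside = "Pseudo HJT Report" in line
            continue
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_autoruns(lines: List[str]) -> List[Dict[str, str]]:
    """Extract Run/RunOnce entries as scope/key/name/command records."""
    entries = []
    for line in lines:
        m = AUTORUN_RE.match(line)
        if m:
            scope, once, name, command = m.groups()
            entries.append({"scope": scope, "key": "RunOnce" if once else "Run",
                            "name": name, "command": command.strip()})
    return entries


def exe_path(command: str) -> str:
    """Best-effort path of the program a Run value launches ('' if none)."""
    m = PATH_RE.search(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def triage(text: str) -> List[Tuple[str, str]]:
    """Apply review heuristics; each finding is (rule, detail)."""
    lines = hjt_lines(text)
    findings = []
    for e in parse_autoruns(lines):
        label = f"{e['scope']}{e['key']} [{e['name']}]"
        path = exe_path(e["command"])
        if not path:
            findings.append(("empty-run", f"{label}: value with no command"))
        elif "\\" not in path:
            # A bare file name is resolved through the PATH search order, so
            # confirm which copy on disk actually runs.
            findings.append(("bare-filename", f"{label}: {path}"))
        elif re.match(r"^[a-z]:\\windows\\[^\\]+$", path, re.I):
            # Programs placed straight into %SystemRoot% rather than a product
            # folder deserve a publisher/signature check.
            findings.append(("windows-root", f"{label}: {path}"))
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and m.group(1) in LOOPBACK and m.group(2).lower() != "localhost":
            # Hosts entries pointing real sites at loopback block access to them.
            findings.append(("hosts-redirect", f"{m.group(2)} -> {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:15} {detail}")
```

Run it on a full DDS.txt by reading the file into `triage()`; the section banner check means the services and "Created Last 30" sections are ignored, so the rules only see the autorun and Hosts lines they were written for.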

Hello and welcome to MalwareBytes forums.

Please start with the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download & SAVE OTL by OldTimer to your desktop from one of the following links: Link1 or Link2

  • Please double-click OTL.com to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 4

  • Please double-click OTL.com to run it.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL MovedFiles log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


OTL MOVED FILES LOG

All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\RECYCLER\S-1-5-21-318950029-3384829000-1021126697-500 folder moved successfully.

C:\RECYCLER\S-1-5-21-2232656509-361406962-1938170613-7042 folder moved successfully.

C:\RECYCLER\S-1-5-21-2232656509-361406962-1938170613-2940 folder moved successfully.

C:\RECYCLER\S-1-5-21-157072676-3322026471-217720490-1008 folder moved successfully.

C:\RECYCLER folder moved successfully.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 14457793 bytes

->Temporary Internet Files folder emptied: 204952 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 321 bytes

User: All Users

User: Blas

->Temp folder emptied: 145386279 bytes

->Temporary Internet Files folder emptied: 19596932 bytes

->Java cache emptied: 6438765 bytes

->Flash cache emptied: 36495 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 321 bytes

User: jimw

->Temp folder emptied: 4773895 bytes

->Temporary Internet Files folder emptied: 174816442 bytes

->Java cache emptied: 232758 bytes

->Flash cache emptied: 51735 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 28589561 bytes

->Flash cache emptied: 5920 bytes

User: super_bp

->Temp folder emptied: 3939 bytes

->Temporary Internet Files folder emptied: 79158388 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 571 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 4648465 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 31137170 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10954598 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 497.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.5.0 log created on 05232010_174026

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL LOG

OTL logfile created on: 5/23/2010 9:22:07 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\jimw\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 292.37 Gb Total Space | 12.68 Gb Free Space | 4.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEG-JIMW

Current User Name: JimW

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/23 17:31:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

PRC - [2010/05/22 16:22:22 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/05/22 16:22:20 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/02/03 14:38:38 | 011,136,360 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

PRC - [2010/02/02 11:48:08 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2010/02/02 11:46:04 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2009/12/16 02:12:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

PRC - [2009/12/11 13:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2009/12/10 23:34:16 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2009/12/10 23:34:14 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2009/12/10 23:34:12 | 000,230,760 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2009/12/10 23:34:10 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2009/12/10 23:10:20 | 000,167,936 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2009/11/19 22:44:34 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2009/09/08 07:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe

PRC - [2009/08/14 12:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

PRC - [2009/08/14 12:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2009/08/14 12:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2009/08/04 05:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2009/07/23 04:11:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

PRC - [2009/07/23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE

PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2009/07/10 21:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2009/05/11 03:43:48 | 000,172,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe

PRC - [2009/04/02 20:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2009/03/19 06:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2009/03/19 05:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe

PRC - [2009/03/19 05:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe

PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2009/03/12 22:12:52 | 000,172,032 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

PRC - [2009/03/05 02:21:46 | 003,093,816 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

PRC - [2009/03/05 01:57:08 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

PRC - [2009/03/05 01:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2008/11/24 19:42:48 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/11/24 19:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2008/11/24 19:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

PRC - [2008/11/24 19:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2008/11/21 22:57:44 | 000,960,528 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2008/11/21 22:48:02 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2008/11/21 22:47:52 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2008/11/21 22:20:22 | 004,352,832 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2008/10/07 14:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

========== Modules (SafeList) ==========

MOD - [2010/05/23 17:31:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

MOD - [2009/08/14 12:47:02 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/05/22 16:22:20 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/02/02 11:48:08 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)

SRV - [2010/02/02 11:46:04 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)

SRV - [2009/12/16 02:12:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2009/12/16 02:12:00 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2009/12/10 23:34:12 | 000,230,760 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2009/12/10 23:34:10 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009/10/09 13:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2009/08/14 12:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2009/07/15 21:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2009/07/15 18:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)

SRV - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2009/07/10 21:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2009/03/19 06:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2009/03/19 05:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)

SRV - [2009/03/19 05:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)

SRV - [2009/03/19 05:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)

SRV - [2009/03/19 05:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)

SRV - [2009/03/05 01:57:08 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)

SRV - [2009/03/05 01:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2008/11/24 19:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2008/11/24 19:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2008/11/24 19:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2008/11/21 22:47:52 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)

SRV - [2008/04/25 12:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

========== Driver Services (SafeList) ==========

DRV - [2010/05/22 16:22:40 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/02/24 12:11:48 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2010/02/24 12:11:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/02/24 12:11:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/02/24 12:11:36 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/12/16 02:12:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)

DRV - [2009/12/16 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)

DRV - [2009/11/25 20:23:28 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)

DRV - [2009/11/25 20:23:07 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)

DRV - [2009/11/19 22:45:08 | 000,230,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2009/11/17 20:02:46 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2009/11/17 20:02:44 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2009/10/09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2009/10/09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2009/10/06 09:54:20 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)

DRV - [2009/09/15 13:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/08/10 02:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2009/08/06 16:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2009/08/04 05:32:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2009/07/15 21:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2009/07/09 13:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2009/07/06 18:11:50 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2009/07/06 18:11:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2009/07/06 18:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2009/06/30 12:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2009/06/30 12:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2009/06/30 12:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2009/06/21 10:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2009/04/30 22:52:58 | 006,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2009/03/19 22:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2009/03/19 06:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2008/11/25 21:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2008/09/25 04:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2008/09/19 03:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®

DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)

DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/03/26 00:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)

DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2008/02/22 19:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007/09/06 16:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)

DRV - [2007/06/18 20:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2007/06/18 20:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/06/18 20:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/06/18 20:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/06/18 20:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/06/18 20:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/06/18 20:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/06/18 20:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/03/12 05:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2007/02/09 16:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/09 00:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.steinerleisure.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/p;_ylt=AlpcFCPWz9...dGVpbmVy?k=pf_2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/05/22 14:46:54 | 000,395,292 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 13652 more lines...

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()

O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)

O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe File not found

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://edctrend.steiner.sll.com:4343/offic...ll/WinNTChk.cab (ObjWinNTCheck Class)

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://edctrend.steiner.sll.com:4343/offic...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = steiner.sll.com

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/21 18:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 17:43:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/23 17:40:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/23 17:31:13 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

[2010/05/23 17:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/23 17:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/05/23 17:26:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\jimw\Desktop\erunt-setup.exe

[2010/05/22 22:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/22 22:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/05/22 16:23:02 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/05/22 16:21:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2010/05/22 16:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/05/22 16:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/05/22 13:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/22 13:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/05/22 10:47:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/22 10:47:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/22 10:46:34 | 003,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jimw\Desktop\mbam-setup.exe

[2010/05/22 10:28:19 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/05/22 02:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/22 02:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimw\Application Data\Malwarebytes

[2010/05/22 02:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/22 02:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/19 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(2)

[2010/05/07 15:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimw\My Documents\pre backup

[2010/04/29 16:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimw\Application Data\GARMIN

[2010/04/29 15:59:12 | 000,018,944 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\SiLib.sys

[2010/04/29 15:59:12 | 000,014,848 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\DSI_SiUSBXp_3_1.sys

[2010/04/29 15:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin

[2010/04/29 15:58:20 | 012,098,416 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\jimw\My Documents\ANTAgent_229.exe

[2009/11/25 20:06:05 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/11/25 20:06:02 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/05/23 21:20:58 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010/05/23 17:45:22 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/23 17:44:50 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010/05/23 17:44:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/23 17:44:41 | 2038,460,416 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/23 17:44:07 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\jimw\ntuser.dat

[2010/05/23 17:44:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/23 17:44:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jimw\ntuser.ini

[2010/05/23 17:31:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jimw\Desktop\OTL.com

[2010/05/23 17:26:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\jimw\Desktop\erunt-setup.exe

[2010/05/23 17:22:28 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\jimw\.rnd

[2010/05/23 10:55:02 | 002,799,556 | -H-- | M] () -- C:\Documents and Settings\jimw\Local Settings\Application Data\IconCache.db

[2010/05/23 10:41:52 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\jimw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/23 06:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2010/05/23 00:44:25 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jimw\Desktop\ixcgx0dr.exe

[2010/05/23 00:44:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jimw\Desktop\dds.scr

[2010/05/23 00:37:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jimw\defogger_reenable

[2010/05/23 00:36:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jimw\Desktop\Defogger.exe

[2010/05/22 23:43:49 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\mbam2.doc

[2010/05/22 18:24:14 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\mbam.doc

[2010/05/22 16:23:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/22 16:22:57 | 000,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/05/22 16:22:40 | 000,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/05/22 16:21:31 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/05/22 14:46:54 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/21 23:01:57 | 000,097,298 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\v6.JPG

[2010/05/19 22:48:52 | 039,858,492 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\HSRS_06-30-04_CF.mp3

[2010/05/19 22:38:23 | 567,036,162 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - FOX Pilot - Episode 01 [WDM].avi

[2010/05/19 22:36:12 | 236,731,166 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - Channel 9 Show - Episode 01 [WDM].avi

[2010/05/19 22:35:37 | 082,546,360 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Bubba Raw - Jesse Jane & Teagan Presley - 10-16-06 [WDM].avi

[2010/05/19 10:14:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\ROI calc.xls

[2010/05/18 15:46:54 | 000,122,594 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\345_54_deck_Lawn_Tractor.pdf

[2010/05/18 09:25:39 | 000,066,933 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\deere 92_93.pdf

[2010/05/18 02:16:16 | 000,016,313 | ---- | M] () -- C:\WINDOWS\cfgall.ini

[2010/05/13 16:27:19 | 000,527,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/13 16:27:19 | 000,455,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/13 16:27:19 | 000,075,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/13 15:29:30 | 005,098,496 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\piggy chronicles.doc

[2010/05/11 11:41:49 | 000,260,842 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\May exp report.pdf

[2010/05/10 15:43:12 | 000,187,011 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\12193 fairway.pdf

[2010/05/10 12:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2010/05/04 16:57:51 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\keys boat rental.xls

[2010/05/03 17:28:53 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\music.xls

[2010/05/03 16:26:09 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Apple v2.xls

[2010/04/30 14:08:00 | 000,124,855 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\7241 Venetian - Wharton POF.pdf

[2010/04/29 16:45:30 | 000,072,936 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\W-9.pdf

[2010/04/29 15:58:20 | 012,098,416 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\jimw\My Documents\ANTAgent_229.exe

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/27 15:44:50 | 000,268,932 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Wharton credit app-financial stmt.pdf

[2010/04/27 15:23:18 | 000,000,026 | ---- | M] () -- C:\register.js

[2010/04/27 15:11:39 | 000,083,176 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\doc20100427141312.pdf

[2010/04/27 14:20:15 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Personal Financial Statement 4-27-10.xls

[2010/04/27 14:17:14 | 000,083,176 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\doc20100427131846.pdf

[2010/04/27 11:18:02 | 001,210,735 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\Wharton, James & Maria 09 1040.pdf

[2010/04/25 13:26:18 | 029,330,111 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\CDNN2010-2.pdf

[2010/04/23 21:42:43 | 000,450,349 | ---- | M] () -- C:\Documents and Settings\jimw\My Documents\12193 Fairway Ave Contract.PDF

========== Files Created - No Company Name ==========

[2010/05/23 17:20:39 | 000,001,024 | ---- | C] () -- C:\.rnd

[2010/05/23 00:44:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jimw\Desktop\ixcgx0dr.exe

[2010/05/23 00:44:01 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jimw\Desktop\dds.scr

[2010/05/23 00:37:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jimw\defogger_reenable

[2010/05/23 00:36:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jimw\Desktop\Defogger.exe

[2010/05/22 23:43:48 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\mbam2.doc

[2010/05/22 23:32:35 | 2038,460,416 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/22 18:24:13 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\mbam.doc

[2010/05/22 18:23:07 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/05/22 16:23:18 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/22 16:21:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/05/21 23:01:56 | 000,097,298 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\v6.JPG

[2010/05/19 22:48:51 | 039,858,492 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\HSRS_06-30-04_CF.mp3

[2010/05/19 22:36:21 | 567,036,162 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - FOX Pilot - Episode 01 [WDM].avi

[2010/05/19 22:36:02 | 236,731,166 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Howard Stern - Channel 9 Show - Episode 01 [WDM].avi

[2010/05/19 22:35:30 | 082,546,360 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Bubba Raw - Jesse Jane & Teagan Presley - 10-16-06 [WDM].avi

[2010/05/19 20:18:21 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/19 10:50:57 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\jimw\ntuser.dat

[2010/05/18 15:46:54 | 000,122,594 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\345_54_deck_Lawn_Tractor.pdf

[2010/05/18 09:25:39 | 000,066,933 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\deere 92_93.pdf

[2010/05/11 11:41:49 | 000,260,842 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\May exp report.pdf

[2010/05/10 15:43:12 | 000,187,011 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\12193 fairway.pdf

[2010/05/10 12:37:57 | 005,098,496 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\piggy chronicles.doc

[2010/05/04 16:57:51 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\keys boat rental.xls

[2010/05/03 17:28:53 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\music.xls

[2010/04/30 14:08:00 | 000,124,855 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\7241 Venetian - Wharton POF.pdf

[2010/04/29 16:45:30 | 000,072,936 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\W-9.pdf

[2010/04/27 15:44:50 | 000,268,932 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Wharton credit app-financial stmt.pdf

[2010/04/27 15:23:18 | 000,000,026 | ---- | C] () -- C:\register.js

[2010/04/27 15:11:39 | 000,083,176 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\doc20100427141312.pdf

[2010/04/27 14:17:14 | 000,083,176 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\doc20100427131846.pdf

[2010/04/27 11:18:02 | 001,210,735 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Wharton, James & Maria 09 1040.pdf

[2010/04/26 19:27:05 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\Personal Financial Statement 4-27-10.xls

[2010/04/25 13:26:17 | 029,330,111 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\CDNN2010-2.pdf

[2010/04/23 21:42:41 | 000,450,349 | ---- | C] () -- C:\Documents and Settings\jimw\My Documents\12193 Fairway Ave Contract.PDF

[2010/02/28 22:47:42 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/02/28 22:47:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/02/28 22:47:40 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/02/28 22:47:40 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/02/28 22:47:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/02/28 22:47:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/02/28 22:47:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/02/23 17:13:03 | 000,016,313 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2010/02/22 19:42:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/11/25 20:43:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/11/25 20:22:19 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2009/11/25 20:21:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009/11/25 20:17:35 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2009/11/25 20:17:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/11/25 20:14:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/11/25 20:14:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/11/25 20:14:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/11/25 20:14:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/11/25 20:14:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/11/25 20:14:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/11/25 20:06:05 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/11/25 20:06:05 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/11/25 20:06:05 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2009/11/25 20:04:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2009/08/14 12:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/07/22 11:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/02/24 12:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2009/11/25 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2010/02/22 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/11/25 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2010/05/22 22:50:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2010/02/24 13:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\Acronis

[2009/11/25 20:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\CachedFiles

[2009/11/25 20:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\Downloaded Installations

[2010/04/29 16:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\GARMIN

[2010/03/09 15:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\ICAClient

[2010/02/28 14:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\InterVideo

[2009/11/25 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\Lenovo

[2010/05/22 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimw\Application Data\uTorrent

[2010/05/22 16:23:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/05/10 12:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/05/23 21:20:58 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[2010/05/23 06:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

EXTRAS LOG

OTL Extras logfile created on: 5/23/2010 9:22:07 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\jimw\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 292.37 Gb Total Space | 12.68 Gb Free Space | 4.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEG-JIMW

Current User Name: JimW

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"44668:TCP" = 44668:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"44668:TCP" = 44668:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


First make sure to turn OFF Ad-Watch. And temporarily, turn off your Antivirus program.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Copy and Paste into a reply the contents of C:\Combofix.txt


A couple issues with the combofix run:

- I thought I had the antivirus disabled as the status in the system tray said "offline" but combofix still said it was active. So as it stands I cannot disable the antivirus on the infected machine.

- I am unable to connect to the internet on the infected machine since your first reply, so I was unable to install the recovery console as combofix said an active internet connection was needed.

In any event, here is the log from the run:

ComboFix 10-05-23.08 - JimW 05/24/2010 14:27:35.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1355 [GMT -4:00]

Running from: c:\documents and settings\jimw\Desktop\Combo-Fix.exe

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\Thumbs.db

----- BITS: Possible infected sites -----

hxxp://edcmgmt03

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected

Restored copy from - Kitty had a snack :blink:

.

((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))

.

2010-05-23 21:40 . 2010-05-23 21:40 -------- d-----w- C:\_OTL

2010-05-23 21:28 . 2010-05-23 21:28 -------- d-----w- c:\program files\ERUNT

2010-05-23 02:56 . 2010-05-23 02:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-05-22 22:23 . 2010-05-22 20:22 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-22 20:23 . 2010-05-22 20:22 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-05-22 20:21 . 2010-05-23 02:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2010-05-22 20:21 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

2010-05-22 20:21 . 2010-05-23 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-05-22 20:21 . 2010-05-22 20:21 -------- d-----w- c:\program files\Lavasoft

2010-05-22 17:30 . 2010-05-23 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-22 17:30 . 2010-05-23 02:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-05-22 14:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-22 14:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-22 14:46 . 2010-05-22 14:46 503808 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16254add-n\msvcp71.dll

2010-05-22 14:46 . 2010-05-22 14:46 499712 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16254add-n\jmc.dll

2010-05-22 14:46 . 2010-05-22 14:46 348160 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16254add-n\msvcr71.dll

2010-05-22 14:46 . 2010-05-22 14:46 61440 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-277d2c7a-n\decora-sse.dll

2010-05-22 14:46 . 2010-05-22 14:46 12800 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-277d2c7a-n\decora-d3d.dll

2010-05-22 14:28 . 2010-05-22 14:28 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-22 06:10 . 2010-05-22 06:10 -------- d-----w- c:\documents and settings\jimw\Application Data\Malwarebytes

2010-05-22 06:10 . 2010-05-22 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-22 06:10 . 2010-05-22 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-20 00:17 . 2010-05-23 02:50 -------- d-----w- c:\program files\Adobe(2)

2010-04-29 20:00 . 2010-04-29 20:00 -------- d-----w- c:\documents and settings\jimw\Application Data\GARMIN

2010-04-29 19:59 . 2010-04-29 19:59 -------- d-----w- c:\program files\Garmin

2010-04-29 19:59 . 2007-09-06 20:53 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys

2010-04-29 19:59 . 2007-09-06 20:53 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-23 02:50 . 2009-11-26 00:13 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-22 14:28 . 2010-03-16 01:14 -------- d-----w- c:\documents and settings\jimw\Application Data\uTorrent

2010-04-29 19:59 . 2009-11-26 00:11 -------- d-----w- c:\program files\DIFX

2010-03-10 06:15 . 2008-07-21 22:50 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-02 22:52 . 2010-03-02 22:52 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-28 19:45 . 2010-02-28 19:45 503808 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-196fe5b9-n\msvcp71.dll

2010-02-28 19:45 . 2010-02-28 19:45 499712 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-196fe5b9-n\jmc.dll

2010-02-28 19:45 . 2010-02-28 19:45 348160 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-196fe5b9-n\msvcr71.dll

2010-02-28 19:45 . 2010-02-28 19:45 61440 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ace40fe-n\decora-sse.dll

2010-02-28 19:45 . 2010-02-28 19:45 12800 ----a-w- c:\documents and settings\jimw\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ace40fe-n\decora-d3d.dll

2010-02-25 06:24 . 2008-07-21 22:50 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 18:52 . 2010-02-22 23:03 606184 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-02-24 16:11 . 2010-02-24 16:11 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys

2010-02-24 16:11 . 2010-02-24 16:11 540000 ----a-w- c:\windows\system32\drivers\timntr.sys

2010-02-24 16:11 . 2010-02-24 16:11 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-02-24 16:11 . 2010-02-24 16:11 134272 ----a-w- c:\windows\system32\drivers\snman380.sys

2010-02-24 15:28 . 2010-02-24 15:27 83904 ----a-w- c:\documents and settings\jimw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-24 13:11 . 2008-07-21 22:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2010-02-03 11136360]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-20 1594664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-13 16384]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 431464]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-11 181608]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-05-22 524632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-22 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2009-03-19 09:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\1\0]

"Script"=Accounting.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\2\0]

"Script"=SMS-Public.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44668:TCP"= 44668:TCP:Trend Micro OfficeScan Listener

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2/22/2010 6:57 PM 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/22/2010 4:23 PM 64160]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 1:10 PM 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 4:15 AM 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 5:48 AM 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/22/2010 6:57 PM 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 5:53 AM 98304]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/25/2009 8:21 PM 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/16/2010 9:43 AM 50704]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/30/2009 3:38 PM 230928]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/30/2009 3:37 PM 36368]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 10:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 7:34 PM 520192]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [11/25/2009 8:11 PM 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/25/2009 7:49 PM 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 7:54 PM 37312]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 10:21 PM 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 9:50 PM 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 5:52 AM 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 5:55 AM 118784]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 12:15 PM 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2/4/2008 4:00 PM 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/4/2008 4:00 PM 689416]

.

Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:22]

2010-05-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-05-24 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-26 06:12]

2010-05-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://finance.yahoo.com/p;_ylt=AlpcFCPWz94ZmsBUj0XWzty7YWsA;_ylu=X3oDMTB0bmgzNGtjBHBvcwMzMgRzZWMDdG9wTmF2BHNsawNzdGVpbmVy?k=pf_2

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-tsnp2uvc - c:\windows\tsnp2uvc.exe

Notify-ACNotify - ACNotify.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-24 14:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)

c:\windows\system32\ATGinaHook.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\FpWinLogonNp.dll

c:\windows\system32\AFSSClientLib.dll

c:\windows\System32\ntlanman.dll

- - - - - - - > 'explorer.exe'(4112)

c:\windows\system32\WININET.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\system32\TpKmpSVC.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\Trend Micro\BM\TMBMSRV.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxext.exe

c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

.

**************************************************************************

.

Completion time: 2010-05-24 14:40:06 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-24 18:40

Pre-Run: 14,430,720,000 bytes free

Post-Run: 14,284,996,608 bytes free

- - End Of File - - 0CF020BE4B7A38C8411A192877DA67D8


Right click on the Ad-Watch icon in the system tray.

At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it.

Automatic: Suspicious activity will be blocked automatically.

Uncheck both of those boxes.

More important:

Your logs showed some peer-to-peer filesharing apps, like uTorrent. I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

You must de-install uTorrent before we get going, and then restart the system fresh.

And then confirm that you have de-installed.


utorrent is now uninstalled.

When I right click on Ad Aware in the sys tray, I see no check boxes for Ad Watch. I do see an item for "disable ad watch live" and have done that. Is there something else in the ad aware settings that I need to change?


You did the right thing on turning off Ad-Watch. And I do not want a new run of Combofix.

Please do the following:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

Java security maintenance:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window.

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 20 from Sun Microsystems Inc.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Re-enable your antivirus app.

Reply with copy of the latest MBAM log

and the ESET scan log

and tell me, how is your system now?
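The Java step above asks for every older JRE to be removed so that only Java 6 Update 20 (internal version 1.6.0_20) remains. As an added example, not part of the thread or of any tool it mentions, the following Python script shows how to check an Add/Remove Programs style list for stale Java entries. The product names in SAMPLE_ENTRIES are constructed to resemble typical Add/Remove listings; the script does not read the registry, and real DisplayName strings on a given machine may differ.

```python
"""Flag Java runtime entries older than a target update (added example).

Input is a list of product display names as they would appear in
Add/Remove Programs.  The sample below is constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

# Target from the thread: Java 6 Update 20, internally versioned 1.6.0_20.
TARGET_VERSION: Tuple[int, int, int, int] = (1, 6, 0, 20)

# Constructed sample of Add/Remove Programs display names (not real data).
SAMPLE_ENTRIES: List[str] = [
    "Java(TM) 6 Update 20",
    "Java(TM) 6 Update 3",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java(TM) SE Development Kit 6 Update 7",
    "Microsoft Office Professional Edition 2003",
    "Lenovo System Update",
]

# "1.6.0_20" style (internal version string).
_DOTTED = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\b")
# "6 Update 20" or "5.0 Update 11" style (marketing name).
_UPDATE = re.compile(r"\b(\d+)(?:\.0)?\s+Update\s+(\d+)\b", re.IGNORECASE)


def parse_java_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Normalise either naming style to (major, minor, micro, update).

    Returns None when no recognisable version is present.
    """
    m = _DOTTED.search(text)
    if m:
        major, minor, micro, update = m.groups()
        return (int(major), int(minor), int(micro), int(update or 0))
    m = _UPDATE.search(text)
    if m:
        family, update = m.groups()
        # "Java 6" is the 1.6 family, "Java 5.0" the 1.5 family.
        return (1, int(family), 0, int(update))
    return None


def is_java_entry(display_name: str) -> bool:
    """Match the name patterns the thread tells the user to look for."""
    name = display_name.lower()
    return any(tag in name for tag in ("java", "jre", "j2se"))


def outdated_java_installs(display_names: List[str],
                           target: Tuple[int, int, int, int] = TARGET_VERSION) -> List[str]:
    """Return Java entries older than target, or unparsable ones (for review)."""
    stale: List[str] = []
    for name in display_names:
        if not is_java_entry(name):
            continue
        version = parse_java_version(name)
        if version is None or version < target:
            stale.append(name)
    return stale


if __name__ == "__main__":
    for entry in outdated_java_installs(SAMPLE_ENTRIES):
        print("remove:", entry)
```

Run it as-is to see the three constructed stale entries; to use it for a real check, replace SAMPLE_ENTRIES with the names shown in Add/Remove Programs. Unparsable Java entries are deliberately reported rather than skipped, since a name the script cannot read is exactly the one a person should look at.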


Everything seems better, thanks for all your help.

The ESET scan didn't save a log in the directory you specified and I searched my c drive for a "log.txt" file with no luck. The scan completed successfully though and showed no threats detected.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4140

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/24/2010 11:50:36 PM

mbam-log-2010-05-24 (23-50-36).txt

Scan type: Quick scan

Objects scanned: 147470

Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Very good. You've done well.

If you have a problem with these steps, or something does not quite work here, do let me know.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

De-install also ESET Online

Exit Control Panel.

Get latest Adobe Reader version 9.3

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the RUN box that opens, type or copy/paste
    Combo-Fix /uninstall
    and then click OK.

  • Please double-click OTL.com to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.

