[golfman128]

I get frequent page redirects when clicking on search results in yahoo (I'm using IE8). The pages have been going to super-seach-page type sites - no bizarre porn or solicitation sites as of yet. Please help in diagnosis/removal. I've had help from GTG gurus in the past - you guys rock! thanks in advance...

OTL log below.

OTL logfile created on: 6/30/2012 8:36:24 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Jimbo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.18% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 30.78 Gb Free Space | 34.87% Space Free | Partition Type: NTFS

Computer Name: LENOVO-10D8BD9F | User Name: Jimbo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/17 17:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 17:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 16:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/11/01 19:10:32 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/10/28 14:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/10/26 04:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/09/15 17:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/18 21:22:30 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2005/08/12 18:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 13:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2003/10/13 17:24:14 | 001,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 19:51:46 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_08aeeeac\system.drawing.dll
MOD - [2012/06/14 19:51:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f810fd5f\system.windows.forms.dll
MOD - [2012/06/14 19:51:27 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/02/10 18:00:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_79297d1a\mscorlib.dll
MOD - [2012/02/10 18:00:01 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea78cfa4\system.xml.dll
MOD - [2012/02/10 17:59:51 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb2a6f44\system.dll
MOD - [2012/02/10 17:59:43 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/02/10 17:59:43 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/02/10 17:59:42 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/12/13 02:21:26 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/12/13 02:21:26 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/12/13 02:21:26 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
MOD - [2006/08/10 12:42:00 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/08/10 12:37:06 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/09 05:27:36 | 000,037,376 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll
MOD - [2006/08/08 10:18:18 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/04/17 17:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/17 17:12:34 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SwiWanIf.dll
MOD - [2006/04/17 17:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 17:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/17 17:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 17:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 16:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 16:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 16:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 16:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 16:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 16:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 16:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 20:15:46 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 20:15:46 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 20:15:46 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/25 05:03:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2005/12/07 05:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 05:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/12/01 00:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/11/17 06:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/01 19:11:50 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2005/10/29 00:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/01 21:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 07:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/15 14:35:56 | 000,831,488 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/30 07:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2005/04/13 20:20:48 | 000,054,872 | R--- | M] () -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/08/18 21:22:24 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 13:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 01:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/10/13 17:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/02/16 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/16 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/20 03:03:00 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20100402.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/11/16 14:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/16 14:11:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (Shansrvuchmn)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/05/18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/04 08:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/02/17 20:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/13 04:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 01:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/08 18:44:40 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2005/12/07 05:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 05:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 05:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 06:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/18 20:21:14 | 000,058,624 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
DRV - [2005/11/08 13:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 18:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 18:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/05 19:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
DRV - [2005/04/05 15:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 15:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/05 15:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2005/04/05 15:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/04/05 15:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2005/04/05 15:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/04/02 00:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/31 01:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/05 00:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/05 00:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = Google
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C0E507BC-7249-4180-804A-F73990F7A5F4}: "URL" = http://websearch.ask...20-8C59384176B4
IE - HKCU\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/06/30 20:07:14 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/06/13 23:16:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Solid State Networks] C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1260679879613 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341070896765 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8121681-8B0C-4078-BC03-2BCFA6834E56}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1600_1200 Think Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 02:41:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/06/30 11:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\My Documents\My Downloads
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/24 21:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\st joes
[2012/06/23 17:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\mohonasen graduation
[2012/06/23 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\colonie graduation
[2012/06/22 09:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\menands grads
[2012/06/22 09:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\ravena group
[2012/06/15 22:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\apr_case_temp
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Assembly
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Assembly
[2012/06/15 21:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\st marys
[2012/06/10 12:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\New Folder (5)
[2012/06/06 12:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\New Folder (4)
[2012/06/04 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\New Folder (3)

========== Files - Modified Within 30 Days ==========

[2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
[2012/06/30 20:07:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/30 20:06:16 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/06/30 20:05:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/06/30 20:05:27 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/30 20:05:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 20:04:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/30 20:04:41 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 16:21:00 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2012/06/30 15:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 11:45:54 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 22:58:47 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | M] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,052,626 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\COLNAGO WC DECALS 4.cdr
[2012/06/22 23:07:46 | 000,054,187 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/20 19:30:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/06/14 20:02:57 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 19:55:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/14 19:54:57 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 19:54:57 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/06/30 11:54:55 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/30 11:51:50 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/06/30 11:45:54 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | C] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,039,050 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Backup_of_COLNAGO WC DECALS 4.cdr
[2012/06/22 22:55:55 | 000,054,187 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/17 14:10:49 | 000,374,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/02/20 14:47:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/27 14:02:22 | 000,219,311 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2011/11/27 14:02:22 | 000,000,575 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2011/10/28 23:40:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/13 13:36:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/13 13:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/13 13:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/13 13:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/13 13:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/03 12:00:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2011/01/03 12:00:38 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/11/09 12:19:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\rx_image.Cache
[2009/12/29 16:38:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 02:41:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2011/10/04 05:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/03/22 17:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/12/13 02:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/04/26 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{bd78f9f661583e4dbb3c3468a905e704}
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\IBM
[2009/12/17 01:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\UBNet
[2012/06/30 20:07:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/06/30 20:05:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\www.usa.canon.com-consumer-controller.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\Adobe Acrobat Professional 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\Desktop\gun_cleaning_box:Roxio EMC Stream

< End of report >

[Advertisements]

Hello golfman128 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.

• Please read all of my response through at least once before attempting to follow the procedures described.
• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
• Please follow the steps exactly as written, in the same order.
• If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
• Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I am currently going over your log file now, in the meantime would you please run this scan for me:

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it


Click the [Scan] button to start scan


On completion of the scan click [Save log], save it to your desktop and post in your next reply

[Crowbar]

Hello golfman128 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.

• Please read all of my response through at least once before attempting to follow the procedures described.
• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
• Please follow the steps exactly as written, in the same order.
• If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
• Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I am currently going over your log file now, in the meantime would you please run this scan for me:

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it


Click the [Scan] button to start scan


On completion of the scan click [Save log], save it to your desktop and post in your next reply

[golfman128]

Hello Crowbar!! Thanks for replying - I really appreciate what you guys do. I downloaded and ran aswMBR - log file is posted below.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 20:05:10
-----------------------------
20:05:10.656 OS Version: Windows 5.1.2600 Service Pack 3
20:05:10.656 Number of processors: 2 586 0xE08
20:05:10.656 ComputerName: LENOVO-10D8BD9F UserName: Jimbo
20:05:11.609 Initialize success
20:05:30.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:05:30.640 Disk 0 Vendor: HTS72101 MCZI Size: 95396MB BusType: 3
20:05:30.656 Disk 0 MBR read successfully
20:05:30.656 Disk 0 MBR scan
20:05:30.656 Disk 0 unknown MBR code
20:05:30.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 90409 MB offset 63
20:05:30.687 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 4983 MB offset 185159520
20:05:30.687 Disk 0 scanning sectors +195365520
20:05:30.750 Disk 0 scanning C:\WINDOWS\system32\drivers
20:05:38.859 Service scanning
20:05:54.812 Modules scanning
20:06:07.953 Disk 0 trace - called modules:
20:06:07.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
20:06:07.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a651ab8]
20:06:08.015 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000099[0x8a626f18]
20:06:08.015 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a624030]
20:06:08.015 Scan finished successfully
20:06:19.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jimbo\Desktop\MBR.dat"
20:06:19.296 The log file has been saved successfully to "C:\Documents and Settings\Jimbo\Desktop\aswMBR.txt"

[Crowbar]

Hi golfman128,
I see you have run combofix recently, can you post that log for me? It should be at c:\combofix.txt
You have Acrobat 7.0 installed, and it's rather old. Can you tell me if it's got all of it's updates installed. Usually with Adobe products, you can go to Help > Check for Updates. I don't remember if version 7 does the same.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :commands
  [createrestorepoint]
  :OTL
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
  IE - HKCU\..\SearchScopes\{C0E507BC-7249-4180-804A-F73990F7A5F4}: "URL" = http://websearch.ask...20-8C59384176B4
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O4 - HKCU..\Run: [Solid State Networks] C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll (Microsoft Corporation)
  O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
  
  :Commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Step 2
Please run Malwarebytes' Anti-Malware

• Go to the Update tab and check for updates, please install any updates found.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in

netsvcs
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s

• **Important: Make sure you check the Scan All Users box** Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs in your next response

In your next reply I would like to see:

• OTL fix log
• MBAM log
• OTL custom scan
• ComboFix log from it's previous run

[golfman128]

The last time I ran Combofix was 6-6-2011 - about a year ago. You may have thought the log was dated 6-6-2012. I didn't include the log, since it's old enough that it's probably not useful. If you would still like to see it, I will post in the next reply. Should I run Combofix now?

I ran the OTL fix, MBAM, and OTL scan. The OTL scan only produced one text file - no EXTRAS.txt was created. I re-read your post to make sure I was following your instuctions to the letter and ran the scan a few times - still no EXTRAS.txt log.

Logs are below.



OTL logfile created on: 7/3/2012 11:14:31 PM - Run 8
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Jimbo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 58.97% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 47.26 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
Drive F: | 3.68 Gb Total Space | 3.62 Gb Free Space | 98.34% Space Free | Partition Type: FAT32

Computer Name: LENOVO-10D8BD9F | User Name: Jimbo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/17 17:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 17:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 16:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/11/01 19:10:32 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/10/28 14:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/10/26 04:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/09/15 17:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/18 21:22:30 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2005/08/12 18:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 13:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2003/10/13 17:24:14 | 001,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 19:51:46 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_08aeeeac\system.drawing.dll
MOD - [2012/06/14 19:51:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f810fd5f\system.windows.forms.dll
MOD - [2012/06/14 19:51:27 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/02/10 18:00:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_79297d1a\mscorlib.dll
MOD - [2012/02/10 18:00:01 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea78cfa4\system.xml.dll
MOD - [2012/02/10 17:59:51 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb2a6f44\system.dll
MOD - [2012/02/10 17:59:43 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/02/10 17:59:43 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/02/10 17:59:42 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/12/13 02:21:26 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/12/13 02:21:26 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/12/13 02:21:26 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
MOD - [2006/08/10 12:42:00 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/08/10 12:37:06 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/09 05:27:36 | 000,037,376 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll
MOD - [2006/08/08 10:18:18 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/04/17 17:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/17 17:12:34 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SwiWanIf.dll
MOD - [2006/04/17 17:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 17:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/17 17:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 17:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 16:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 16:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 16:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 16:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 16:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 16:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 16:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 20:15:46 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 20:15:46 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 20:15:46 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/25 05:03:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2005/12/07 05:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 05:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/12/01 00:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/11/17 06:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/01 19:11:50 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2005/10/29 00:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/01 21:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 07:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/15 14:35:56 | 000,831,488 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/30 07:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2005/04/13 20:20:48 | 000,054,872 | R--- | M] () -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/08/18 21:22:24 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 13:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 01:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/10/13 17:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/02/16 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/16 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/20 03:03:00 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20100402.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/11/16 14:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/16 14:11:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (Shansrvuchmn)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/05/18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/04 08:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/02/17 20:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/13 04:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 01:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/08 18:44:40 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2005/12/07 05:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 05:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 05:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 06:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/18 20:21:14 | 000,058,624 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
DRV - [2005/11/08 13:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 18:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 18:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/05 19:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
DRV - [2005/04/05 15:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 15:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/05 15:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2005/04/05 15:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/04/05 15:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2005/04/05 15:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/04/02 00:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/31 01:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/05 00:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/05 00:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]

IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/07/03 22:14:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/06/13 23:16:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Solid State Networks] rundll32.exe "C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll",CreateInstance File not found
O4 - HKU\S-1-5-18..\Run: [Solid State Networks] rundll32.exe "C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1260679879613 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341070896765 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8121681-8B0C-4078-BC03-2BCFA6834E56}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1600_1200 Think Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 02:41:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 22:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\New Folder (2)
[2012/07/03 22:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 22:21:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 22:19:16 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jimbo\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/01 20:03:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jimbo\Desktop\aswMBR.exe
[2012/06/30 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/06/30 11:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\My Documents\My Downloads
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/23 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\colonie graduation
[2012/06/15 22:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\apr_case_temp
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Assembly
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Assembly

========== Files - Modified Within 30 Days ==========

[2012/07/03 22:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 22:21:19 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 22:19:19 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jimbo\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/03 22:14:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/03 22:13:34 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/07/03 22:13:16 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/07/03 22:12:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/03 22:12:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 22:10:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/03 22:10:54 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 22:04:27 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2012/07/02 21:38:37 | 001,897,189 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\L-358_English.pdf
[2012/07/01 20:06:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\MBR.dat
[2012/07/01 20:03:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jimbo\Desktop\aswMBR.exe
[2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
[2012/06/30 11:45:54 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 22:58:47 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | M] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,052,626 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\COLNAGO WC DECALS 4.cdr
[2012/06/22 23:07:46 | 000,054,187 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/20 19:30:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/06/14 20:02:57 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 19:55:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/14 19:54:57 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 19:54:57 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/03 22:21:19 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:38:29 | 001,897,189 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\L-358_English.pdf
[2012/07/01 20:06:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\MBR.dat
[2012/06/30 11:54:55 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/30 11:51:50 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/06/30 11:45:54 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | C] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,039,050 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Backup_of_COLNAGO WC DECALS 4.cdr
[2012/06/22 22:55:55 | 000,054,187 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/17 14:10:49 | 000,374,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/02/20 14:47:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/27 14:02:22 | 000,219,311 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2011/11/27 14:02:22 | 000,000,575 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2011/10/28 23:40:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/13 13:36:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/13 13:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/13 13:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/13 13:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/13 13:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/03 12:00:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2011/01/03 12:00:38 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/11/09 12:19:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\rx_image.Cache
[2009/12/29 16:38:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 02:41:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2011/10/04 05:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/03/22 17:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/12/13 02:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/04/26 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{bd78f9f661583e4dbb3c3468a905e704}
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie\Application Data\IBM
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\IBM
[2009/12/17 01:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\UBNet
[2009/12/13 02:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
[2012/07/03 22:14:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/07/03 22:13:16 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 09:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 09:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 09:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EX_ >
[2004/08/04 09:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 09:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.HTM >
[2005/10/19 16:22:08 | 000,002,651 | ---- | M] () MD5=6EF56ACF83A0F2224F6E80FB226621D0 -- C:\Program Files\Verizon Wireless\VZAccess Manager Lenovo\System\Services.htm

< MD5 for: SERVICES.LNK >
[2004/08/09 14:55:40 | 000,001,506 | ---- | M] () MD5=1FCCD04D5C854BF676E2A61920371BB4 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 09:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 09:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 09:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 09:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005/04/01 14:19:52 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=986EC72D788E00E8E397B7BB7F5A9E45 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\www.usa.canon.com-consumer-controller.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\Adobe Acrobat Professional 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\Desktop\gun_cleaning_box:Roxio EMC Stream

< End of report >





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jimbo :: LENOVO-10D8BD9F [administrator]

7/3/2012 10:24:15 PM
mbam-log-2012-07-03 (22-24-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250695
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL logfile created on: 7/3/2012 11:14:31 PM - Run 8
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Jimbo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 58.97% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 47.26 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
Drive F: | 3.68 Gb Total Space | 3.62 Gb Free Space | 98.34% Space Free | Partition Type: FAT32

Computer Name: LENOVO-10D8BD9F | User Name: Jimbo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/17 17:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 17:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 16:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/11/01 19:10:32 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/10/28 14:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/10/26 04:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/09/15 17:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/18 21:22:30 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2005/08/12 18:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 13:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2003/10/13 17:24:14 | 001,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 19:51:46 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_08aeeeac\system.drawing.dll
MOD - [2012/06/14 19:51:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f810fd5f\system.windows.forms.dll
MOD - [2012/06/14 19:51:27 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/02/10 18:00:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_79297d1a\mscorlib.dll
MOD - [2012/02/10 18:00:01 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea78cfa4\system.xml.dll
MOD - [2012/02/10 17:59:51 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb2a6f44\system.dll
MOD - [2012/02/10 17:59:43 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/02/10 17:59:43 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/02/10 17:59:42 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/12/13 02:21:26 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/12/13 02:21:26 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/12/13 02:21:26 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
MOD - [2006/08/10 12:42:00 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/08/10 12:37:06 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/09 05:27:36 | 000,037,376 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll
MOD - [2006/08/08 10:18:18 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/04/17 17:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/17 17:12:34 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SwiWanIf.dll
MOD - [2006/04/17 17:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 17:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/17 17:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 17:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 16:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 16:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 16:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 16:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 16:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 16:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 16:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 20:15:46 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 20:15:46 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 20:15:46 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/25 05:03:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2005/12/07 05:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 05:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/12/01 00:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/11/17 06:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/01 19:11:50 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2005/10/29 00:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/01 21:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 07:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/15 14:35:56 | 000,831,488 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/30 07:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2005/04/13 20:20:48 | 000,054,872 | R--- | M] () -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/08/18 21:22:24 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 13:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 01:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/10/13 17:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/02/16 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/16 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/20 03:03:00 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20100402.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/11/16 14:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/16 14:11:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (Shansrvuchmn)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/05/18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/04 08:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/02/17 20:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/13 04:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 01:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/08 18:44:40 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2005/12/07 05:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 05:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 05:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 06:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/18 20:21:14 | 000,058,624 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
DRV - [2005/11/08 13:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 18:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 18:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/05 19:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
DRV - [2005/04/05 15:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 15:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/05 15:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2005/04/05 15:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/04/05 15:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2005/04/05 15:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/04/02 00:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/31 01:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/05 00:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/05 00:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]

IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/07/03 22:14:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/06/13 23:16:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Solid State Networks] rundll32.exe "C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll",CreateInstance File not found
O4 - HKU\S-1-5-18..\Run: [Solid State Networks] rundll32.exe "C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1260679879613 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341070896765 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8121681-8B0C-4078-BC03-2BCFA6834E56}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1600_1200 Think Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 02:41:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 22:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\New Folder (2)
[2012/07/03 22:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 22:21:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 22:19:16 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jimbo\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/01 20:03:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jimbo\Desktop\aswMBR.exe
[2012/06/30 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/06/30 11:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\My Documents\My Downloads
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/23 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\colonie graduation
[2012/06/15 22:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\apr_case_temp
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Assembly
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Assembly

========== Files - Modified Within 30 Days ==========

[2012/07/03 22:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 22:21:19 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 22:19:19 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jimbo\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/03 22:14:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/03 22:13:34 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/07/03 22:13:16 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/07/03 22:12:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/03 22:12:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 22:10:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/03 22:10:54 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 22:04:27 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2012/07/02 21:38:37 | 001,897,189 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\L-358_English.pdf
[2012/07/01 20:06:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\MBR.dat
[2012/07/01 20:03:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jimbo\Desktop\aswMBR.exe
[2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
[2012/06/30 11:45:54 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 22:58:47 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | M] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,052,626 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\COLNAGO WC DECALS 4.cdr
[2012/06/22 23:07:46 | 000,054,187 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/20 19:30:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/06/14 20:02:57 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 19:55:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/14 19:54:57 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 19:54:57 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/03 22:21:19 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:38:29 | 001,897,189 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\L-358_English.pdf
[2012/07/01 20:06:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\MBR.dat
[2012/06/30 11:54:55 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/30 11:51:50 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/06/30 11:45:54 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | C] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,039,050 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Backup_of_COLNAGO WC DECALS 4.cdr
[2012/06/22 22:55:55 | 000,054,187 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/17 14:10:49 | 000,374,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/02/20 14:47:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/27 14:02:22 | 000,219,311 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2011/11/27 14:02:22 | 000,000,575 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2011/10/28 23:40:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/13 13:36:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/13 13:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/13 13:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/13 13:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/13 13:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/03 12:00:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2011/01/03 12:00:38 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/11/09 12:19:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\rx_image.Cache
[2009/12/29 16:38:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 02:41:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2011/10/04 05:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/03/22 17:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/12/13 02:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/04/26 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{bd78f9f661583e4dbb3c3468a905e704}
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie\Application Data\IBM
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\IBM
[2009/12/17 01:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\UBNet
[2009/12/13 02:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
[2012/07/03 22:14:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/07/03 22:13:16 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 09:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 09:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 09:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EX_ >
[2004/08/04 09:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 09:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.HTM >
[2005/10/19 16:22:08 | 000,002,651 | ---- | M] () MD5=6EF56ACF83A0F2224F6E80FB226621D0 -- C:\Program Files\Verizon Wireless\VZAccess Manager Lenovo\System\Services.htm

< MD5 for: SERVICES.LNK >
[2004/08/09 14:55:40 | 000,001,506 | ---- | M] () MD5=1FCCD04D5C854BF676E2A61920371BB4 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 09:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 09:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 09:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 09:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005/04/01 14:19:52 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=986EC72D788E00E8E397B7BB7F5A9E45 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\www.usa.canon.com-consumer-controller.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\Adobe Acrobat Professional 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\Desktop\gun_cleaning_box:Roxio EMC Stream

< End of report >

[golfman128]

Ooops. both OTL logs in last reply were scan logs. The fix log is below. Sorry.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0E507BC-7249-4180-804A-F73990F7A5F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0E507BC-7249-4180-804A-F73990F7A5F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Solid State Networks deleted successfully.
C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Annie
->Temp folder emptied: 13840481 bytes
->Temporary Internet Files folder emptied: 402809385 bytes
->Java cache emptied: 42902 bytes
->Flash cache emptied: 3153498 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jimbo
->Temp folder emptied: 1573879257 bytes
->Temporary Internet Files folder emptied: 20981150 bytes
->Java cache emptied: 2055478 bytes
->Google Chrome cache emptied: 6178192 bytes
->Flash cache emptied: 1750 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 73892 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8213097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198523212 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 847658570 bytes

Total Files Cleaned = 2,935.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07032012_220426

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Crowbar]

Hi golfman128,
Don't worry about the extras.txt file. I can generate a new one if I need to see it.

Also, don't worry about the combofix log, being a year old it won't help very much. I would like to uninstall it properly shortly, I will address it in the cleanup phase, so please stick with me a little bit longer

Have you made sure that your Adobe Acrobat is fully updated? It's a very popular avenue of attack for malware these days.

How about the redirect issue? It should be gone for the first user account and this fix should remove it for all users.

Step 1

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :commands
  [createrestorepoint]
  :otl
  IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
  IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
  IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
  IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9A 3A 68 01 DA EC 58 43 8F 03 91 0B D0 85 53 36 [binary data]
  IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 
  O4 - HKU\.DEFAULT..\Run: [Solid State Networks] rundll32.exe "C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll",CreateInstance File not found
  O4 - HKU\S-1-5-18..\Run: [Solid State Networks] rundll32.exe "C:\Documents and Settings\Jimbo\Local Settings\Application Data\Temp\Solid State Networks\nktwjpefg.dll",CreateInstance File not found
  
  :reg
  [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  
  :commands
  [emptytemp]
  [reboot]
  

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:

• OTL log
• contents of checkup.txt
• how is the computer?

[golfman128]

Hey Crowbar. The machine seems to running fine now. My version of Acrobat Professional is updated to version 7.1.0, which was the final update for version 7. Unfortunately, it is an old version and I should probably get something newer.

OTL and checkup logs below.



OTL logfile created on: 7/4/2012 8:16:49 PM - Run 9
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Jimbo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.98% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 47.22 Gb Free Space | 53.48% Space Free | Partition Type: NTFS

Computer Name: LENOVO-10D8BD9F | User Name: Jimbo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 02:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/17 17:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 17:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 16:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/11/01 19:10:32 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/10/28 14:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/10/26 04:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/09/15 17:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/18 21:22:30 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2005/08/12 18:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 13:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2003/10/13 17:24:14 | 001,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 19:51:46 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_08aeeeac\system.drawing.dll
MOD - [2012/06/14 19:51:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f810fd5f\system.windows.forms.dll
MOD - [2012/06/14 19:51:27 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/02/10 18:00:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_79297d1a\mscorlib.dll
MOD - [2012/02/10 18:00:01 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea78cfa4\system.xml.dll
MOD - [2012/02/10 17:59:51 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb2a6f44\system.dll
MOD - [2012/02/10 17:59:43 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/02/10 17:59:43 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/02/10 17:59:42 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/12/13 02:21:26 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/12/13 02:21:26 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/12/13 02:21:26 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
MOD - [2006/08/10 12:42:00 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/08/10 12:37:06 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/09 05:27:36 | 000,037,376 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll
MOD - [2006/08/08 10:18:18 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/04/17 17:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/17 17:12:34 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SwiWanIf.dll
MOD - [2006/04/17 17:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 17:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/17 17:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 17:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 16:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 16:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 16:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 16:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 16:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 16:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 16:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 20:15:46 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 20:15:46 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 20:15:46 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/25 05:03:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2005/12/07 05:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 05:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/12/01 00:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/11/17 06:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/01 19:11:50 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2005/10/29 00:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/01 21:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 07:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/15 14:35:56 | 000,831,488 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2005/07/05 18:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/30 07:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2005/04/13 20:20:48 | 000,054,872 | R--- | M] () -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/04/17 17:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 17:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/14 15:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/01 05:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/18 21:23:16 | 001,730,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/08/18 21:22:24 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/08/18 21:22:02 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/08/01 21:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/07/20 18:05:36 | 000,202,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2005/07/20 18:05:02 | 000,079,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2005/06/07 01:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/06/02 13:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 13:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 13:21:44 | 000,239,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/06/02 13:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 01:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/10/13 17:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/02/16 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/16 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100409.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/20 03:03:00 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20100402.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/11/16 14:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/16 14:11:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (Shansrvuchmn)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/05/18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/04 08:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/02/17 20:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/13 04:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 01:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/08 18:44:40 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2005/12/07 05:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 05:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 05:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 06:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/18 20:21:14 | 000,058,624 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
DRV - [2005/11/08 13:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 18:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 18:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/05 19:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
DRV - [2005/04/05 15:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 15:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/05 15:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2005/04/05 15:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/04/05 15:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2005/04/05 15:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/04/02 00:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/31 01:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/05 00:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/05 00:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/07/04 20:14:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/27 14:06:11 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/06/13 23:16:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3187549879-909587444-3364828474-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\Program Files\PartyGaming.Net\PartyCasinoNet\RunApp.exe ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1260679879613 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341070896765 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8121681-8B0C-4078-BC03-2BCFA6834E56}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1600_1200 Think Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 02:41:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 22:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\New Folder (2)
[2012/07/03 22:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 22:21:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 22:19:16 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jimbo\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/01 20:03:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jimbo\Desktop\aswMBR.exe
[2012/06/30 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/06/30 11:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\My Documents\My Downloads
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/23 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\Desktop\colonie graduation
[2012/06/15 22:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimbo\apr_case_temp
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Assembly
[2012/06/15 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Assembly

========== Files - Modified Within 30 Days ==========

[2012/07/04 20:14:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/04 20:13:27 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/07/04 20:13:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/07/04 20:12:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/04 20:12:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 20:11:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/04 20:11:23 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 20:09:21 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2012/07/04 19:53:34 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 22:21:19 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 22:19:19 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jimbo\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/02 21:38:37 | 001,897,189 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\L-358_English.pdf
[2012/07/01 20:06:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\MBR.dat
[2012/07/01 20:03:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jimbo\Desktop\aswMBR.exe
[2012/06/30 20:35:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimbo\Desktop\OTL.exe
[2012/06/30 11:45:54 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 22:58:47 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | M] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,052,626 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\COLNAGO WC DECALS 4.cdr
[2012/06/22 23:07:46 | 000,054,187 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | M] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/20 19:30:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/06/14 20:02:57 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 19:55:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/14 19:54:57 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 19:54:57 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/03 22:21:19 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:38:29 | 001,897,189 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\L-358_English.pdf
[2012/07/01 20:06:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\MBR.dat
[2012/06/30 11:54:55 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/30 11:51:50 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/06/30 11:45:54 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/29 13:00:11 | 000,064,636 | ---- | C] () -- C:\Documents and Settings\Jimbo\My Documents\COLNAGO WC DECALS 4.ai
[2012/06/24 21:52:22 | 000,039,050 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Backup_of_COLNAGO WC DECALS 4.cdr
[2012/06/22 22:55:55 | 000,054,187 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\ALL Payroll Election Form 07-25-11 (2).pdf
[2012/06/21 06:49:39 | 000,035,346 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Menands pan.pdf
[2012/06/21 06:48:29 | 000,036,638 | ---- | C] () -- C:\Documents and Settings\Jimbo\Desktop\Ravena Grad Pan.pdf
[2012/06/17 14:10:49 | 000,374,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/15 22:41:16 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adroit Photo Recovery 2012.lnk
[2012/02/20 14:47:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/27 14:02:22 | 000,219,311 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2011/11/27 14:02:22 | 000,000,575 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2011/10/28 23:40:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/13 13:36:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/13 13:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/13 13:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/13 13:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/13 13:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/03 12:00:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2011/01/03 12:00:38 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/11/09 12:19:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\rx_image.Cache
[2009/12/29 16:38:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 02:41:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jimbo\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2011/10/04 05:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/03/22 17:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/12/13 02:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/04/26 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{bd78f9f661583e4dbb3c3468a905e704}
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie\Application Data\IBM
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
[2009/12/13 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\IBM
[2009/12/17 01:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimbo\Application Data\UBNet
[2009/12/13 02:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
[2012/07/04 20:14:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/07/04 20:13:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\www.usa.canon.com-consumer-controller.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\My Documents\Adobe Acrobat Professional 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jimbo\Desktop\gun_cleaning_box:Roxio EMC Stream

< End of report >



Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Symantec AntiVirus Corporate Edition
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
Malwarebytes Anti-Malware version 1.61.0.1400
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java™ 6 Update 29
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Symantec Client Security Symantec AntiVirus DefWatch.exe
Symantec Client Security Symantec AntiVirus Rtvscan.exe
Symantec Client Security Symantec Client Firewall ISSVC.exe
Symantec Client Security Symantec Client Firewall SymSPort.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

[Crowbar]

Hi again golfman128,

I see you have the Adobe reader X installed. I would just make sure that it's the default program for opening PDF files. Acrobat 7 is rather old, but if you are opening PDF's with the newest reader, and keeping it updated, then from a security standpoint, you should be fine there. I am still using Acrobat 8, and that cost me a fortune several years ago!

I see that your Anti Virus is in need of updating, it's a very good idea to keep it updated all the time. Let it update automatically if at all possible.
For some reason you seem to have the On Access feature disabled. It would be best if you were to reenable this feature.
If you need help with this check out this link to the Norton Corporate AV users guide.
Also, you need to defragment your hard drive

The machine seems to running fine now.

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Go to control panel
• Select folder options (Appearance > Folder options in category view)
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

• Go to this site and click Do I have Java
• It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

• Go to Control Panel and select System
• Select System
• On the left select System Protection and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go Start > All programs > Accessories > system tools
• Right click Disc cleanup and select run as administrator
• Select Your main drive and accept the warning if you get one
• For a few moments the system will make some calculations
• Select the More Options tab
• In the System Restore and Shadow Backups select Clean up
• Select Delete on the pop up
• Select OK
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe

[golfman128]

A huge thanks, Crowbar!! I really appreciate the help. Sorry for not posting for a few days - work suddenly got super busy. I will employ your recommendations and hopefully stay clean! You guys rock!

[Crowbar]

You are very welcome. Stay safe out there!

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.