Fake win32 netsky/alureon rootkit/GMER problem [Solved]


#1 jc27712
Member, 23 posts

Hi, I'm having trouble in the aftermath of cleaning up a computer infection and am not sure if this is because of continued infection, something wrong I did to my computer, or both. About 2-3 weeks ago I started getting redirected to random web sites, especially when using Google search on Mozilla, following which I got hit with the Fake win32 netsky worm (blue background, pop-up windows advising me I'd been infected by the win32 netsky worm, unable to access Task Manager) and was unable to load except in Safe Mode. I came across Geeks to Go in the middle of troubleshooting, so I will warn that I already did some stuff to my computer, and that may be part of the problem.


Since coming here:
1. Ran TFC and ERUNT, but I am unable to run SysRestore. I get a pop-up box saying that the program is not running so Windows will close the program. Incidentally, around when the Fake32 worm alert appeared, before I'd tried to fix/delete anything, I was getting a similar pop-up box saying that Windows Media Center update had stopped working.
2. Ran MBAM
3. I tried 4-5 times to run GMER. Half the time I get the pop-up box saying that it's not working so Windows will close the program, and the other half the entire computer crashes either while loading or running the program. At one point it flashed the words "kglyqpow.sys," then with the 2nd crash said something about BIOS. Would it help to try to run GMER in Safe Mode?
4. Ran OTL
Below I have listed the MBAM and OTL logs.

MBAM log:
Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastnetsrv (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\oqnqso.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\System32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\BtwSrv.dllx (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\tmp0_10912667866.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ogstiuu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\BtwSrv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ntldrs (Pwned.Zbot) -> Quarantined and deleted successfully.
C:\Windows\System32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\uwlwfa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
OTL.txt:

OTL logfile created on: 1/7/2010 10:40:08 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Jacqui\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 147.35 Gb Free Space | 66.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.97 Gb Total Space | 1.39 Gb Free Space | 70.69% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 3.38 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.14% Space Free | Partition Type: NTFS

Computer Name: JACQUI-PC
Current User Name: Jacqui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/07 22:27:11 | 00,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2010/01/04 08:39:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/22 13:57:44 | 00,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/09/25 02:36:00 | 00,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/09/19 15:28:14 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/08/07 14:23:34 | 00,558,368 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/08/07 14:23:18 | 00,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/05/29 03:10:56 | 02,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 03:10:48 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/24 18:31:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/24 18:17:54 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 18:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2008/05/05 22:35:22 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/05 22:06:30 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/26 20:45:12 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/11 19:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/21 04:08:56 | 00,820,520 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/11/21 03:55:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/01/04 08:39:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/22 13:57:44 | 00,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/13 19:46:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/09/25 02:36:00 | 00,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/09/19 15:28:14 | 00,700,416 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/08/08 15:37:04 | 00,041,248 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/07 14:23:18 | 00,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/08/07 14:23:16 | 00,116,000 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/06/13 19:42:54 | 00,779,576 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2008/06/13 19:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/29 03:10:56 | 02,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/05/29 03:10:48 | 00,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/05/24 18:49:32 | 01,155,072 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/24 18:31:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/24 18:17:54 | 00,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/24 17:28:20 | 00,253,952 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/14 18:21:16 | 00,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/05/05 22:35:22 | 00,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/05 22:06:30 | 00,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/25 10:15:24 | 01,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/26 20:45:12 | 00,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008/03/24 09:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/17 12:32:08 | 00,518,696 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 19:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/18 01:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 02:17:18 | 00,276,000 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:5.5
FF - prefs.js..extensions.enabledItems: craigslistimagepreviewext@craigstoolbox:3.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.35
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.16601.2
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{1B50C348-D2A2-4A96-85E2-90BC7E77E01F}: C:\Windows\system32\config\systemprofile\AppData\Local\{1B50C348-D2A2-4A96-85E2-90BC7E77E01F}\ [2009/12/24 17:55:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/06 21:31:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 20:05:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 20:05:01 | 00,000,000 | ---D | M]

[2008/11/09 16:56:21 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Extensions
[2010/01/07 20:06:43 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions
[2010/01/06 21:20:37 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/21 19:19:16 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/04 23:28:41 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\[email protected]
[2010/01/07 20:06:41 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\[email protected]
[2008/12/16 22:29:27 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\craigslistimagepreviewext@craigstoolbox
[2008/12/25 10:40:25 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\[email protected]
[2008/11/30 22:49:54 | 00,001,344 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\epicurious.xml
[2008/11/30 22:47:16 | 00,001,504 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\imdb.xml
[2009/08/04 23:36:51 | 00,001,620 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\mozilla-add-ons.xml
[2008/12/03 22:13:56 | 00,002,109 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\youtube-video-search.xml
[2010/01/06 23:10:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 20:46:12 | 00,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 20:46:20 | 00,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 20:46:16 | 00,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2007/03/16 16:27:00 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 16:27:00 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 16:27:00 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/02/07 20:48:26 | 00,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/02/07 20:46:12 | 00,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/07 20:06:48 | 00,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Samsung Common SM] C:\Windows\Samsung\ComSMMgr\ssmmgr.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 11:32:46 | 00,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 17:46:54 | 00,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{f06dc657-a39a-11dd-a6e7-001c2599054e}\Shell - "" = AutoRun
O33 - MountPoints2\{f06dc657-a39a-11dd-a6e7-001c2599054e}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 00,180,224 | -HS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: BtwSrv - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/07 22:38:48 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
[2010/01/06 22:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/01/06 21:31:36 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/06 21:29:48 | 00,000,000 | ---D | C] -- C:\Users\Jacqui\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/06 21:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/06 21:28:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/06 21:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/06 21:26:23 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/01/06 21:26:23 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/06 20:53:13 | 00,000,000 | ---D | C] -- C:\Users\Jacqui\AppData\Roaming\Malwarebytes
[2010/01/06 20:53:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/06 20:53:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/06 20:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/06 20:53:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/06 20:51:47 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/06 20:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/06 20:41:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jacqui\Desktop\mbam-setup.exe
[2010/01/06 20:40:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jacqui\Desktop\SysRestorePoint.exe
[2010/01/06 20:40:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jacqui\Desktop\erunt_setup.exe
[2010/01/06 20:40:13 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\TFC.exe

========== Files - Modified Within 14 Days ==========

[2010/01/07 22:43:00 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB23E694-9CD4-4248-8A1C-0C173EFDD2D6}.job
[2010/01/07 22:43:00 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/07 22:39:57 | 01,835,008 | -HS- | M] () -- C:\Users\Jacqui\ntuser.dat
[2010/01/07 22:27:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/07 22:27:00 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 22:27:00 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 22:26:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/07 22:26:29 | 26,256,62976 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 22:25:25 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/07 22:25:15 | 00,524,288 | -HS- | M] () -- C:\Users\Jacqui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 22:25:15 | 00,065,536 | -HS- | M] () -- C:\Users\Jacqui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/07 22:25:06 | 07,436,444 | -H-- | M] () -- C:\Users\Jacqui\AppData\Local\IconCache.db
[2010/01/07 21:46:01 | 00,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/01/06 22:28:08 | 00,001,764 | ---- | M] () -- C:\Users\Jacqui\Desktop\Update Checker.lnk
[2010/01/06 21:29:52 | 00,000,912 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/06 20:53:09 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:51:23 | 00,000,743 | ---- | M] () -- C:\Users\Jacqui\Desktop\NTREGOPT.lnk
[2010/01/06 20:51:23 | 00,000,724 | ---- | M] () -- C:\Users\Jacqui\Desktop\ERUNT.lnk
[2010/01/04 08:39:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/28 23:14:07 | 00,814,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/28 23:14:07 | 00,681,770 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/28 23:14:07 | 00,135,740 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/28 20:12:01 | 00,010,752 | ---- | M] () -- C:\Users\Jacqui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/28 20:03:27 | 00,425,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/28 17:52:20 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/28 17:10:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jacqui\Desktop\erunt_setup.exe
[2009/12/28 17:10:06 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jacqui\Desktop\SysRestorePoint.exe
[2009/12/28 17:09:32 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\TFC.exe
[2009/12/28 12:11:16 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jacqui\Desktop\mbam-setup.exe

========== Files Created - No Company Name ==========

[2010/01/07 22:35:53 | 00,293,376 | ---- | C] () -- C:\Users\Jacqui\Desktop\gmer.exe
[2010/01/06 22:28:08 | 00,001,764 | ---- | C] () -- C:\Users\Jacqui\Desktop\Update Checker.lnk
[2010/01/06 21:29:52 | 00,000,912 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/06 20:53:09 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:51:23 | 00,000,743 | ---- | C] () -- C:\Users\Jacqui\Desktop\NTREGOPT.lnk
[2010/01/06 20:51:23 | 00,000,724 | ---- | C] () -- C:\Users\Jacqui\Desktop\ERUNT.lnk
[2009/12/28 17:52:20 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/28 17:45:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/28 17:45:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 17:45:16 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 17:45:14 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2009/12/28 17:45:10 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/28 17:42:01 | 26,256,62976 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/14 23:25:09 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 20:45:21 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/03 20:45:21 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/11 01:07:35 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/11 01:07:35 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/11 01:06:23 | 00,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2009/09/17 19:00:24 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/12 22:53:40 | 00,001,356 | ---- | C] () -- C:\Users\Jacqui\AppData\Local\d3d9caps.dat
[2008/10/31 21:32:08 | 00,010,752 | ---- | C] () -- C:\Users\Jacqui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 16:52:46 | 00,012,080 | ---- | C] () -- C:\Windows\System32\drivers\tppwr32v.sys
[2008/10/26 16:49:28 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/10/26 16:49:28 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/26 16:46:30 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/10/26 16:46:30 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/10/26 16:46:30 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/10/26 16:46:30 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/10/26 16:46:30 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/10/26 16:46:30 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/10/26 16:34:42 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/11 02:59:06 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008/12/26 21:33:26 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\AD ON Multimedia
[2009/07/31 20:59:15 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\ICAClient
[2009/01/10 16:07:49 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Juniper Networks
[2008/11/15 23:18:37 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Leadertech
[2008/10/31 21:32:26 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Lenovo
[2010/01/06 20:28:34 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\uTorrent
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010/01/07 22:43:00 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/07 21:46:01 | 00,000,256 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2010/01/07 22:25:24 | 00,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/07 22:43:00 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FB23E694-9CD4-4248-8A1C-0C173EFDD2D6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\DRIVERS\other\IaStor.sys
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Extras.txt:
OTL logfile created on: 1/7/2010 10:40:08 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Jacqui\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 147.35 Gb Free Space | 66.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.97 Gb Total Space | 1.39 Gb Free Space | 70.69% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 3.38 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.14% Space Free | Partition Type: NTFS

Computer Name: JACQUI-PC
Current User Name: Jacqui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/07 22:27:11 | 00,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2010/01/04 08:39:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/22 13:57:44 | 00,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/09/25 02:36:00 | 00,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/09/19 15:28:14 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/08/07 14:23:34 | 00,558,368 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/08/07 14:23:18 | 00,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/05/29 03:10:56 | 02,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 03:10:48 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/24 18:31:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/24 18:17:54 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 18:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2008/05/05 22:35:22 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/05 22:06:30 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/26 20:45:12 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/11 19:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/21 04:08:56 | 00,820,520 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/11/21 03:55:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/01/04 08:39:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/22 13:57:44 | 00,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/13 19:46:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/09/25 02:36:00 | 00,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/09/19 15:28:14 | 00,700,416 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/08/08 15:37:04 | 00,041,248 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/07 14:23:18 | 00,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/08/07 14:23:16 | 00,116,000 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/06/13 19:42:54 | 00,779,576 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2008/06/13 19:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/29 03:10:56 | 02,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/05/29 03:10:48 | 00,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/05/24 18:49:32 | 01,155,072 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/24 18:31:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/24 18:17:54 | 00,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/24 17:28:20 | 00,253,952 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/14 18:21:16 | 00,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/05/05 22:35:22 | 00,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/05 22:06:30 | 00,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/25 10:15:24 | 01,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/26 20:45:12 | 00,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008/03/24 09:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/17 12:32:08 | 00,518,696 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 19:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/18 01:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 02:17:18 | 00,276,000 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:5.5
FF - prefs.js..extensions.enabledItems: craigslistimagepreviewext@craigstoolbox:3.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.35
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.16601.2
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{1B50C348-D2A2-4A96-85E2-90BC7E77E01F}: C:\Windows\system32\config\systemprofile\AppData\Local\{1B50C348-D2A2-4A96-85E2-90BC7E77E01F}\ [2009/12/24 17:55:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/06 21:31:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 20:05:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 20:05:01 | 00,000,000 | ---D | M]

[2008/11/09 16:56:21 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Extensions
[2010/01/07 20:06:43 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions
[2010/01/06 21:20:37 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/21 19:19:16 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/04 23:28:41 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\[email protected]
[2010/01/07 20:06:41 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\[email protected]
[2008/12/16 22:29:27 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\craigslistimagepreviewext@craigstoolbox
[2008/12/25 10:40:25 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\extensions\[email protected]
[2008/11/30 22:49:54 | 00,001,344 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\epicurious.xml
[2008/11/30 22:47:16 | 00,001,504 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\imdb.xml
[2009/08/04 23:36:51 | 00,001,620 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\mozilla-add-ons.xml
[2008/12/03 22:13:56 | 00,002,109 | ---- | M] () -- C:\Users\Jacqui\AppData\Roaming\Mozilla\Firefox\Profiles\sqs4detl.default\searchplugins\youtube-video-search.xml
[2010/01/06 23:10:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 20:46:12 | 00,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 20:46:20 | 00,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 20:46:16 | 00,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2007/03/16 16:27:00 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 16:27:00 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 16:27:00 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/02/07 20:48:26 | 00,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/02/07 20:46:12 | 00,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/07 20:06:48 | 00,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Samsung Common SM] C:\Windows\Samsung\ComSMMgr\ssmmgr.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 11:32:46 | 00,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 17:46:54 | 00,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{f06dc657-a39a-11dd-a6e7-001c2599054e}\Shell - "" = AutoRun
O33 - MountPoints2\{f06dc657-a39a-11dd-a6e7-001c2599054e}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 00,180,224 | -HS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: BtwSrv - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/07 22:38:48 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
[2010/01/06 22:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/01/06 21:31:36 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/06 21:29:48 | 00,000,000 | ---D | C] -- C:\Users\Jacqui\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/06 21:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/06 21:28:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/06 21:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/06 21:26:23 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/01/06 21:26:23 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/06 20:53:13 | 00,000,000 | ---D | C] -- C:\Users\Jacqui\AppData\Roaming\Malwarebytes
[2010/01/06 20:53:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/06 20:53:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/06 20:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/06 20:53:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/06 20:51:47 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/06 20:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/06 20:41:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jacqui\Desktop\mbam-setup.exe
[2010/01/06 20:40:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jacqui\Desktop\SysRestorePoint.exe
[2010/01/06 20:40:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jacqui\Desktop\erunt_setup.exe
[2010/01/06 20:40:13 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\TFC.exe

========== Files - Modified Within 14 Days ==========

[2010/01/07 22:43:00 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB23E694-9CD4-4248-8A1C-0C173EFDD2D6}.job
[2010/01/07 22:43:00 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/07 22:39:57 | 01,835,008 | -HS- | M] () -- C:\Users\Jacqui\ntuser.dat
[2010/01/07 22:27:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/07 22:27:00 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 22:27:00 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 22:26:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/07 22:26:29 | 26,256,62976 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 22:25:25 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/07 22:25:15 | 00,524,288 | -HS- | M] () -- C:\Users\Jacqui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 22:25:15 | 00,065,536 | -HS- | M] () -- C:\Users\Jacqui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/07 22:25:06 | 07,436,444 | -H-- | M] () -- C:\Users\Jacqui\AppData\Local\IconCache.db
[2010/01/07 21:46:01 | 00,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/01/06 22:28:08 | 00,001,764 | ---- | M] () -- C:\Users\Jacqui\Desktop\Update Checker.lnk
[2010/01/06 21:29:52 | 00,000,912 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/06 20:53:09 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:51:23 | 00,000,743 | ---- | M] () -- C:\Users\Jacqui\Desktop\NTREGOPT.lnk
[2010/01/06 20:51:23 | 00,000,724 | ---- | M] () -- C:\Users\Jacqui\Desktop\ERUNT.lnk
[2010/01/04 08:39:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\OTL.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/28 23:14:07 | 00,814,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/28 23:14:07 | 00,681,770 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/28 23:14:07 | 00,135,740 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/28 20:12:01 | 00,010,752 | ---- | M] () -- C:\Users\Jacqui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/28 20:03:27 | 00,425,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/28 17:52:20 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/28 17:10:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jacqui\Desktop\erunt_setup.exe
[2009/12/28 17:10:06 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jacqui\Desktop\SysRestorePoint.exe
[2009/12/28 17:09:32 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jacqui\Desktop\TFC.exe
[2009/12/28 12:11:16 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jacqui\Desktop\mbam-setup.exe

========== Files Created - No Company Name ==========

[2010/01/07 22:35:53 | 00,293,376 | ---- | C] () -- C:\Users\Jacqui\Desktop\gmer.exe
[2010/01/06 22:28:08 | 00,001,764 | ---- | C] () -- C:\Users\Jacqui\Desktop\Update Checker.lnk
[2010/01/06 21:29:52 | 00,000,912 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/06 20:53:09 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:51:23 | 00,000,743 | ---- | C] () -- C:\Users\Jacqui\Desktop\NTREGOPT.lnk
[2010/01/06 20:51:23 | 00,000,724 | ---- | C] () -- C:\Users\Jacqui\Desktop\ERUNT.lnk
[2009/12/28 17:52:20 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/28 17:45:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/28 17:45:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 17:45:16 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 17:45:14 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2009/12/28 17:45:10 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/28 17:42:01 | 26,256,62976 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/14 23:25:09 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 20:45:21 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/03 20:45:21 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/11 01:07:35 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/11 01:07:35 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/11 01:06:23 | 00,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2009/09/17 19:00:24 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/12 22:53:40 | 00,001,356 | ---- | C] () -- C:\Users\Jacqui\AppData\Local\d3d9caps.dat
[2008/10/31 21:32:08 | 00,010,752 | ---- | C] () -- C:\Users\Jacqui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 16:52:46 | 00,012,080 | ---- | C] () -- C:\Windows\System32\drivers\tppwr32v.sys
[2008/10/26 16:49:28 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/10/26 16:49:28 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/26 16:46:30 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/10/26 16:46:30 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/10/26 16:46:30 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/10/26 16:46:30 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/10/26 16:46:30 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/10/26 16:46:30 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/10/26 16:34:42 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/11 02:59:06 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008/12/26 21:33:26 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\AD ON Multimedia
[2009/07/31 20:59:15 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\ICAClient
[2009/01/10 16:07:49 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Juniper Networks
[2008/11/15 23:18:37 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Leadertech
[2008/10/31 21:32:26 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\Lenovo
[2010/01/06 20:28:34 | 00,000,000 | ---D | M] -- C:\Users\Jacqui\AppData\Roaming\uTorrent
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010/01/07 22:43:00 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 21:44:25 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/07 21:46:01 | 00,000,256 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2010/01/07 22:25:24 | 00,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/07 22:43:00 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FB23E694-9CD4-4248-8A1C-0C173EFDD2D6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\DRIVERS\other\IaStor.sys
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys
[2008/07/22 01:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Edited by Rorschach112, 08 January 2010 - 08:35 AM.

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O32 - AutoRun File - [2008/06/10 11:32:46 | 00,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
    O32 - AutoRun File - [2008/06/02 17:46:54 | 00,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
    O33 - MountPoints2\{f06dc657-a39a-11dd-a6e7-001c2599054e}\Shell - "" = AutoRun
    O33 - MountPoints2\{f06dc657-a39a-11dd-a6e7-001c2599054e}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 00,180,224 | -HS- | M] ()
    NetSvcs: BtwSrv - File not found
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

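As an added illustration (my own code, not OTL's and not something the helper asked for), here is a small Python triage script for OTL-style log lines like those in the first post: it parses the `[date time | size | attrs | C/M]` metadata block and flags the entry kinds the fix script above acts on (hidden+system AUTORUN.INF files, MountPoints2 autorun commands, dangling "File not found" autostart references, alternate data streams). The sample lines are copied from the posted log; the line-format assumptions are mine.

```python
import re
from dataclasses import dataclass

# OTL prints a metadata block before most file entries:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M]
# attrs is four characters such as "-HS-" (Hidden + System) or "---D" (directory).
# This regex is my reading of that layout from the posted log, not OTL's own spec.
META_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
)


@dataclass
class Finding:
    category: str   # which rule fired
    line: str       # the log line as posted
    detail: str = ""


def parse_meta(line):
    """Return the metadata block of an OTL line as a dict, or None if absent."""
    m = META_RE.search(line)
    if m is None:
        return None
    meta = m.groupdict()
    meta["size"] = int(meta["size"].replace(",", ""))
    meta["hidden"] = "H" in meta["attrs"]
    meta["system"] = "S" in meta["attrs"]
    meta["directory"] = "D" in meta["attrs"]
    return meta


def triage(lines):
    """Walk OTL log lines and return the entries worth a second look.

    The rules mirror what the fix script in this thread removed: hidden+system
    AUTORUN.INF files (O32), per-volume MountPoints2 autorun commands (O33),
    autostart references whose target no longer exists, and alternate data
    streams. Findings are for review, not for automatic deletion.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        meta = parse_meta(line)
        if line.startswith("O32 - AutoRun File") and meta and meta["hidden"] and meta["system"]:
            findings.append(Finding("hidden-system-autorun", line, meta["attrs"]))
        elif line.startswith("O33 - MountPoints2") and "\\Shell\\AutoRun\\command" in line:
            # The command OTL records here is what runs when the volume is opened.
            findings.append(Finding("mountpoint-autorun-command", line))
        elif line.startswith(("O2 ", "O4 ", "NetSvcs:")) and line.endswith("File not found"):
            # A registry entry pointing at a missing file: a leftover of an uninstall,
            # or a component that was deleted but never unregistered. Many NetSvcs
            # entries are normal on Vista, so these need a human decision.
            findings.append(Finding("dangling-reference", line))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("alternate-data-stream", line))
    return findings


def summarize(findings):
    """Count findings per category (handy when the log runs to hundreds of lines)."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Sample input: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LINES = [
    r"O32 - HKLM CDRom: AutoRun - 1",
    r"O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]",
    r"O32 - AutoRun File - [2008/06/10 11:32:46 | 00,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]",
    r'O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{89ba03cf-a3a3-11dd-93ab-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)',
    r"O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)",
    r"O4 - HKLM..\Run: [Samsung Common SM] C:\Windows\Samsung\ComSMMgr\ssmmgr.exe File not found",
    r"NetSvcs: BtwSrv - File not found",
    r"NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)",
    r"@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.category:28s} {f.line}")
    print(summarize(triage(SAMPLE_LINES)))
```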

#3
jc27712

    Member

  • Topic Starter
  • Member
  • 23 posts
Thanks. I tried to follow these instructions but ran into several problems.

After I ran OTL as above, rebooted and logged in, most of my desktop was missing with only the Recycle Bin icon left. I had 2 error messages in the middle of the screen ("Run DLL Error loading C:\Windows\TEMP\masouahn.dll The specified module could not be found" & "Location is not available C:\windows\system3\config\systemprofile\Desktop is not accessible. Access is denied"), there was a message that Windows security service couldn't be started, and in the bottom right corner I had a message "Failed to connect to a windows service. Windows could not connect to the User Profile service. This problem prevents limited users from logging onto the system. As an administrator user you can review the System Event Log for details about why the service didn't respond". Actually, a lot of my Windows programs (system tools, security etc.) seem to be missing in Normal mode.

I'm unable to download GooredFix from my computer since I can't access the internet now. I can't even transfer GooredFix from a USB drive to the desktop in Normal Mode. I re-started in Safe Mode, which seems to have a reasonably intact desktop, and was able to transfer GooredFix. However, when I tried to run the program, I got a message that a problem had prevented GooredFix from running- similar to what had happened with SysRestore and GMER.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
try this

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
jc27712

    Member

  • Topic Starter
  • Member
  • 23 posts
Not sure I'm doing this properly.
The first time I ran this, it soon flashed a warning that it'd detected rootkit activity and said it was going to reboot. While restarting I had it go to Safe Mode, but couldn't find any log and had to run ComboFix again.
This second time, it got farther and said it was going to delete some files and reboot. I left the computer alone so it went into Normal Mode when it restarted- same bizarre lack of desktop as before. The ComboFix window was briefly on the screen (unlike in safe mode) but there was some error message that closed the program.

I have the ComboFix txt below but I think all the content got left out, perhaps because the program was prevented from resuming on reboot:

ComboFix 10-01-04.01- SYSTEM 01/10/2010 20:40:12/1/2 -x86 NETWORK
Running from: C:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
Should I just run ComboFix again? And if it says it's going to reboot, do I let it reboot into Normal mode, or press F8 to get into Safe Mode?

#6
Rorschach112 (Retired Staff)
run it once more but in safe mode

you can allow it to boot back into normal mode

#7
jc27712 (Topic Starter)
I think my computer just died.
Loud beep when I entered safe mode, and in the middle of running Combofix, the computer just powered off- no warning ahead of time. Now when I try to turn on the computer, I hear the motor running and see the power light blinking for 1-2 seconds, then it all stops. :)
Are viruses/malware capable of causing this kind of problem? I wasn't aware of that, but wasn't having any problems with my computer beforehand.

#8
Rorschach112 (Retired Staff)
can you boot up into normal or safe mode ?

#9
jc27712 (Topic Starter)
The computer won't stay on long enough for me to get into Safe or Normal Mode. It's almost behaving as if the battery was dead, except that it turns on for 1 second before dying, and it's plugged in the entire time.
My power adapter has been a bit wonky lately, even before the virus stuff happened. I believe a friend has the same model laptop, so will try to borrow the power cord and report back with an update (may take a couple days depending on when she can spare it)

#10
Rorschach112 (Retired Staff)
ok

#11
jc27712 (Topic Starter)
Ok, I'm back - my friend's in the midst of writing deadlines so couldn't spare the power cord immediately.

Appears the latest hiccup was from a dysfunctional power cord and not a dead computer, because I can now get into Safe Mode. Again while running ComboFix, the computer rebooted (I wasn't paying attention at the time so don't know what was on the screen). Same strange Desktop in Normal mode, ComboFix window popped up but didn't run, and there was an error message saying "C:ComFix\REGT.cfxxe The dependency service or group failed to start". If I click OK, then the text "Access is denied. The system cannot find the file whitedir01" shows up in the ComboFix window, and when I closed the message, the ComboFix window closed.

Had to re-start in Safe Mode to access ComboFix.txt (otherwise, the computer freezes when I try to click into My Computer\C directory) and only got:

combofix 10-01-04.01- SYSTEM 01/14/2010 12:36:24.1.2-x86 NETWORK
Running from C:\Windows\system32\config\systemprofil\Desktop\ComboFix.exe
REDUCED FUNCTIONALITY MODE

Also, when I ran ComboFix this latest time, I got a message that advised it had expired and gave me the option of running in reduced functionality mode or exiting the program. Do I need a more up to date version, and if so, what do I do with my current version?

#12
Rorschach112 (Retired Staff)
yes download the latest version and run it again

delete the one you have

#13
jc27712 (Topic Starter)
ComboFix seemed to run longer this time before it re-booted. Sometimes when it was completing various stages, it would flash a message "Denied, administrator needed to use the selected options" though the window was labelled as Administrator (this has actually been occurring all along, regardless of whether I double click on the ComboFix icon or right-click/Run as Administrator.)

Same thing as before happened when the computer re-booted into Normal Mode: lacking Desktop, ComboFix window present but not running, same error message, had to re-start in Safe Mode. I see that some files in c:\combofix got added or modified at the time I ran the program; unfortunately, I just get the following ComboFix.txt:

ComboFix 10-01-14.02- SYSTEM 01/14/2010 19:12:24.1.2-x86 NETWORK
Running from: C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe

#14
Rorschach112 (Retired Staff)
can you run it in safe mode for me

#15
jc27712 (Topic Starter)
I've always run ComboFix in safe mode, I can't get it on the desktop in normal mode.
Do you mean run ComboFix again, but during reboot, hit F8 to get it into safe mode? Or something different?