Infected...issues

Wireless connection lost csc.sys

  • This topic is locked
99 replies to this topic

#1 Helplesswonder

Helplesswonder

    Regular Member

  • Honorary Members
  • PipPip
  • 54 posts
  • Gender:Male

Posted 09 March 2012 - 08:22 PM

Hi,

I had/was in the process of removing outdated McAfee and other spyware/malware/antivirus software to replace with Microsoft Security Essentials. While in Firefox, kept getting redirected to some malware (forgot the name of it). Have had issues getting firewall back up and fixing registry issues. MSE scan revealed multiple infections including Trojan sifref.B. Despite being a novice at this, I thought I had everything fixed up last night after following multiple threads, but I was wrong...sfc /scannow stops at 68%, firewall back down, wireless connection fails to connect (ipconfig shows media disconnected - reinstalled driver, but didn't help) ...mbam quick scan revealed no malicious items detected...any help is greatly appreciated.

AJ



#2 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania

Posted 10 March 2012 - 06:18 AM

Hello and :welcome:

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#3 Helplesswonder

Posted 10 March 2012 - 11:05 AM

Thanks, Elise. Quick question, how long does Combofix typically take? I made sure to disable Antivirus/Antispyware, the firewall and Windows defender were already off, and I haven't touched the computer since the scan started but it has been going for quite a while. Just wanted to make sure it is not stalling or getting hung up on something...I remember running Microsoft Antimalware two days ago and it was getting hung up on a bunch of temp files.

Thanks,
AJ

#4 Elise

Posted 10 March 2012 - 12:08 PM

It can take up to half an hour all in all, but shouldn't take longer than that. If it happens and seems to hang, manually reboot your computer in Safe Mode and try to run it from there.
regards, Elise

#5 Helplesswonder

Posted 11 March 2012 - 10:19 AM

Finally got ComboFix to go in Safe Mode and the following message popped up "ComboFix has detected the presence of rootkit activity and needs to reboot the machine" - Do I go ahead and click ok? Is there anything I need to do beforehand?

#6 Elise

Posted 11 March 2012 - 10:40 AM

Yes, click OK there (you might get more than one such message).
regards, Elise

#7 Helplesswonder

Posted 11 March 2012 - 11:43 AM

OK...got the Rootkit.ZeroAccess! message. It is rebooting again so I will let you know what happens...

#8 Elise

Posted 11 March 2012 - 12:00 PM

Okay, keep me posted. :)
regards, Elise

#9 Helplesswonder

Posted 11 March 2012 - 12:25 PM

The same messages keep coming up with each reboot - Rootkit (need to reboot) then Rootkit.ZeroAccess, Rootkit (need to reboot) then Rootkit (need to reboot), etc. Is it going to keep cycling like this?

#10 Elise

Posted 11 March 2012 - 12:33 PM

This can take two reboots, but no more than that. If it doesn't stop, try to boot in Safe Mode, or try to exit combofix manually.
regards, Elise

#11 Helplesswonder

Posted 11 March 2012 - 12:59 PM

Each time I run it it just tells me there is the rootkit and wants to reboot, even in SafeMode.

#12 Elise

Posted 11 March 2012 - 02:03 PM

Can you manually exit it (bring up the Task Manager and stop the application)?
regards, Elise

#13 Helplesswonder

Posted 11 March 2012 - 02:25 PM

Yes. I can stop it manually but I am having difficulty locating combofix.txt

#14 Elise

Posted 11 March 2012 - 02:45 PM

No need for that. Can you try to run it once more? (If it loops again, stop it manually and let me know.)
regards, Elise

#15 Helplesswonder

Posted 11 March 2012 - 02:59 PM

Ran Combofix again and got same cycle...

#16 Elise

Posted 11 March 2012 - 03:05 PM

Can you please rerun DDS and post me a new dds.txt log?
regards, Elise

#17 Helplesswonder

Posted 11 March 2012 - 03:19 PM

New DDS log



.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 16:11:24 on 2012-03-11
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2519.1985 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalService
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.unc.edu
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SKDaemon.exe] c:\program files\lenovo\productivity keyboard\SKDaemon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico
uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://gateway.tucsonortho.com/XTSAC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nccn.webex.com/client/T27LB/event/ieatgpc1.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AfsLogon - c:\program files\openafs\client\program\afslogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-11-22 293904]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-28 48192]
S2 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-8-14 102400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-8-15 1664248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-12 66848]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-6-29 58736]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-28 253952]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2008-10-12 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2009-9-10 186624]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-10-12 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2008-10-12 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-8-15 480640]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-8-14 220152]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2008-10-12 2381312]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
S3 NETwNv32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2010-10-31 6959616]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-3-24 15744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
.
=============== Created Last 30 ================
.
2012-03-11 19:57:07 -------- d-s---w- C:\Combo-Fix4490C
2012-03-11 19:47:03 -------- d-s---w- C:\Combo-Fix19742C
2012-03-11 19:13:47 -------- d-s---w- C:\Combo-Fix26754C
2012-03-11 17:33:15 -------- d-s---w- C:\Combo-Fix19626C
2012-03-11 17:16:58 -------- d-s---w- C:\Combo-Fix10075C
2012-03-11 17:04:29 -------- d-s---w- C:\Combo-Fix16208C
2012-03-11 16:53:45 -------- d-----w- c:\users\administrator\appdata\local\Apple
2012-03-11 16:46:54 -------- d-s---w- C:\Combo-Fix549C
2012-03-11 16:33:19 -------- d-s---w- C:\Combo-Fix32339C
2012-03-10 20:31:41 -------- d-s---w- C:\Combo-Fix6550C
2012-03-10 19:26:13 -------- d-s---w- C:\Combo-Fix
2012-03-10 18:44:59 -------- d-----w- c:\program files\CCleaner
2012-03-09 23:06:01 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{017f57a1-5408-4ec0-92b7-6d854e3a0b04}\mpengine.dll
2012-03-09 22:48:43 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 21:47:52 98816 ----a-w- c:\windows\sed.exe
2012-03-09 21:47:52 518144 ----a-w- c:\windows\SWREG.exe
2012-03-09 21:47:52 256000 ----a-w- c:\windows\PEV.exe
2012-03-09 21:47:52 208896 ----a-w- c:\windows\MBR.exe
2012-03-09 21:43:22 -------- d-----w- c:\program files\Smart Registry Cleaner
2012-03-09 20:48:16 -------- d-----w- C:\FRST
2012-03-09 00:33:57 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{97ea1902-a9d5-4412-adca-88c1208c5733}\gapaengine.dll
2012-03-08 16:35:56 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-08 12:23:04 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-08 01:54:38 -------- d-----w- c:\programdata\Symantec
2012-03-08 01:54:38 -------- d-----w- c:\program files\common files\Symantec Shared
2012-03-07 14:14:24 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-07 12:00:27 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-03-07 12:00:26 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-07 11:53:54 -------- d-----w- c:\program files\Windows Portable Devices
2012-03-07 04:48:09 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-03-07 04:48:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-03-07 04:48:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-03-07 04:35:32 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2012-03-07 03:37:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 03:37:31 471552 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 03:37:30 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 03:37:30 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 03:37:29 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 03:37:29 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 03:37:28 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 03:37:28 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 03:37:28 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 03:37:19 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-07 03:36:56 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 03:36:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 03:36:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 03:36:31 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-03-07 03:36:31 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-07 03:36:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-07 03:36:18 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 03:32:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-07 03:27:44 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 03:27:44 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-03-06 17:20:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-06 16:38:31 -------- d-----w- c:\programdata\F4D55F1703D82B4D01481C64570F1C55
2012-02-16 13:39:08 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 13:39:04 2044416 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-03-07 02:20:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:12:32.26 ===============
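
A triage pass over the SERVICES / DRIVERS section of the DDS log posted above, added here as an example; it is not part of the thread and not code from DDS or its author. It assumes the usual reading of the DDS prefix (R/S = running/stopped, digit = Windows start type) and of `[?]` as "file details unavailable"; the two review heuristics and all function names are assumptions of this sketch, not findings stated by anyone in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: four lines copied from the SERVICES / DRIVERS
# section of the DDS log in the post above.
SAMPLE = r"""
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
"""

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <state><start> <name>;<display name>;<image path> [<date size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption of this sketch: path fragments a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start: str
    image: str           # lower-cased, resolved side of "a --> b" if present
    image_missing: bool  # True when DDS printed [?] instead of date and size


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse DDS service/driver lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # DDS prints "registered --> resolved" when it could not stat the file.
        image = m["image"].split(" --> ")[-1].lower()
        entries.append(ServiceEntry(
            name=m["name"],
            display=m["display"],
            running=(m["state"] == "R"),
            start=START_TYPES[int(m["start"])],
            image=image,
            image_missing=(m["meta"].strip() == "?"),
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, start type, reasons) for entries that start without user
    action and whose image is missing or sits under a user-writable path."""
    findings = []
    for e in entries:
        reasons = []
        if e.image_missing:
            reasons.append("image file missing")
        if any(marker in e.image for marker in USER_WRITABLE):
            reasons.append("image under user-writable path")
        if reasons and e.start in ("boot", "system", "auto"):
            findings.append((e.name, e.start, reasons))
    return findings


if __name__ == "__main__":
    for name, start, reasons in triage(parse_services(SAMPLE)):
        print(f"{name} (start={start}): {', '.join(reasons)}")
```

An entry reported here is a candidate for manual review, not a verdict; the same service can be cross-checked against the `File not found` lines in an OTL log.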

#18 Elise

Posted 11 March 2012 - 03:22 PM

Hi again, it looks like the rootkit is gone. :) How are things running at this point?

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

#19 Helplesswonder

Posted 11 March 2012 - 04:10 PM

Things still run fine except the wireless connection - that is the only problem that I have really had throughout this process. There are a couple of Lenovo-related things that seem to have an issue during start-up after I log in (power manager, camera, and one other thing that I now have forgotten).

Here is the OTL report. I did not see extra report anywhere (not minimized or anything)...?


OTL logfile created on: 3/11/2012 4:54:39 PM - Run 3
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 59.73% Memory free
5.13 Gb Paging File | 4.04 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.45 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
Drive D: | 129.95 Gb Total Space | 110.05 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive H: | 499.72 Mb Total Space | 113.68 Mb Free Space | 22.75% Space Free | Partition Type: FAT

Computer Name: UNC-L3A8368 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 16:44:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/15 02:22:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2008/08/14 14:31:02 | 000,102,400 | ---- | M] () -- C:\Windows\System32\ADMonitor.exe
PRC - [2008/07/31 04:01:00 | 000,060,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/07/28 13:33:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/06/08 14:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/08 20:47:36 | 000,509,440 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
PRC - [2008/04/25 03:38:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/03/26 21:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/03/23 21:15:04 | 000,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/01/20 22:23:08 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2007/03/13 09:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/02/28 19:38:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbucoms.exe
PRC - [2007/02/09 16:00:54 | 000,262,144 | ---- | M] (LITE-ON TECHNOLOGY CORP.) -- C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/28 13:33:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2008/05/08 20:52:44 | 000,040,960 | ---- | M] () -- C:\Program Files\OpenAFS\Client\Program\afs_shl_ext_1033.dll
MOD - [2007/06/18 16:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2012/02/10 17:50:36 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/10/12 10:26:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/15 02:22:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2008/08/14 14:31:02 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2008/07/28 13:33:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/05/28 14:15:18 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 15:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/05/08 20:47:36 | 000,509,440 | ---- | M] (OpenAFS Project) [Auto | Running] -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe -- (TransarcAFSDaemon)
SRV - [2008/03/26 21:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008/01/20 22:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/28 19:38:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- -- (PMEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/10/14 20:39:50 | 000,293,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/18 05:14:22 | 006,959,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®
DRV - [2010/06/17 04:37:30 | 000,467,072 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/12/18 12:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/11/17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/10 02:17:36 | 000,186,624 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RCUVCMNP.sys -- (5U875UVC)
DRV - [2009/08/14 21:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/12 08:31:40 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/08/22 00:21:28 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/22 00:21:28 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2008/08/21 23:18:34 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2008/08/15 02:39:46 | 000,480,640 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/28 13:33:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2008/06/26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/28 14:15:20 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/14 16:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 16:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/04/09 19:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 05:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:22:59 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 22:22:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 22:22:55 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 03:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/06/30 22:27:02 | 000,015,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2776682


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-943858465-1166881987-3745741496-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu
IE - HKU\S-1-5-21-943858465-1166881987-3745741496-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\UNC Support\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/18 08:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/12 13:41:59 | 000,000,000 | ---D | M]

[2012/03/06 23:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/27 11:56:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2011/07/07 07:54:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/23 09:59:27 | 000,175,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/07/07 07:54:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/24 17:59:55 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

Hosts file not found
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe (LITE-ON TECHNOLOGY CORP.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\S-1-5-21-943858465-1166881987-3745741496-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-943858465-1166881987-3745741496-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://gateway.tucs...o.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nccn.webex.c...nt/ieatgpc1.cab (GpcContainer Class)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AfsLogon: DllName - (C:\Program Files\OpenAFS\Client\Program\afslogon.dll) - C:\Program Files\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Program Files\UNC\wallpaper3_1024x768.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\UNC\wallpaper3_1024x768.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 16:54:30 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/03/11 16:11:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/03/11 15:57:07 | 000,000,000 | --SD | C] -- C:\Combo-Fix4490C
[2012/03/11 15:47:03 | 000,000,000 | --SD | C] -- C:\Combo-Fix19742C
[2012/03/11 15:13:47 | 000,000,000 | --SD | C] -- C:\Combo-Fix26754C
[2012/03/11 13:33:15 | 000,000,000 | --SD | C] -- C:\Combo-Fix19626C
[2012/03/11 13:16:58 | 000,000,000 | --SD | C] -- C:\Combo-Fix10075C
[2012/03/11 13:04:29 | 000,000,000 | --SD | C] -- C:\Combo-Fix16208C
[2012/03/11 12:53:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2012/03/11 12:46:54 | 000,000,000 | --SD | C] -- C:\Combo-Fix549C
[2012/03/11 12:33:19 | 000,000,000 | --SD | C] -- C:\Combo-Fix32339C
[2012/03/11 12:27:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/11 12:27:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2012/03/10 16:31:41 | 000,000,000 | --SD | C] -- C:\Combo-Fix6550C
[2012/03/10 16:31:12 | 004,432,490 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\Combo-Fix.exe
[2012/03/10 15:26:13 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2012/03/10 14:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/10 14:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/09 17:47:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/09 17:47:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/09 17:47:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/09 17:47:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/09 17:46:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/09 17:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Registry Cleaner
[2012/03/09 16:48:16 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/08 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/08 08:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/03/07 21:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/07 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/03/07 10:14:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/03/07 08:00:27 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/03/07 07:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/03/07 00:48:09 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/03/07 00:48:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/03/07 00:48:06 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/03/07 00:46:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/03/07 00:46:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/03/07 00:46:11 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/03/07 00:46:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012/03/07 00:46:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012/03/07 00:46:08 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/03/07 00:46:08 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/03/07 00:46:08 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012/03/07 00:46:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/03/07 00:46:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/03/07 00:46:07 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/03/07 00:46:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/03/07 00:35:32 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2012/03/06 23:43:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2012/03/06 23:43:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2012/03/06 23:43:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2012/03/06 23:43:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2012/03/06 23:43:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2012/03/06 23:43:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2012/03/06 23:43:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2012/03/06 23:43:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2012/03/06 23:43:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2012/03/06 23:43:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2012/03/06 23:43:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2012/03/06 23:43:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2012/03/06 23:43:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2012/03/06 23:43:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2012/03/06 23:43:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2012/03/06 23:43:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2012/03/06 23:37:32 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/03/06 23:37:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/03/06 23:37:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/03/06 23:37:30 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/03/06 23:37:29 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/03/06 23:37:29 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/03/06 23:37:28 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/03/06 23:37:28 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/03/06 23:37:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/03/06 23:37:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/03/06 23:36:56 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/03/06 23:36:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/03/06 23:36:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/03/06 23:36:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/06 23:36:31 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/03/06 23:36:18 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/03/06 23:27:44 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/03/06 22:35:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/06 22:35:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/03/06 13:20:17 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/03/06 12:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F1703D82B4D01481C64570F1C55
[2012/03/06 12:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/02/16 17:12:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 17:12:27 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 17:12:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 17:12:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 17:12:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 17:12:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 09:39:04 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/11 16:56:29 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/11 16:45:10 | 000,603,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/11 16:45:10 | 000,103,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/11 16:44:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/03/11 16:30:00 | 000,001,024 | ---- | M] () -- C:\Users\Administrator\.rnd
[2012/03/11 16:28:34 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012/03/11 16:28:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/11 16:28:07 | 000,003,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 16:28:07 | 000,003,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 16:27:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/11 15:54:08 | 003,813,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/11 13:41:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/11 12:27:30 | 000,000,446 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
[2012/03/11 12:18:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-943858465-1166881987-3745741496-1000UA.job
[2012/03/10 16:30:23 | 000,004,234 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120310_153017.reg
[2012/03/10 16:23:54 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\Combo-Fix.exe
[2012/03/10 15:23:04 | 000,370,124 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120310_142246.reg
[2012/03/10 14:45:00 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/09 17:51:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/03/09 15:18:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-943858465-1166881987-3745741496-1000Core.job
[2012/03/09 13:59:58 | 000,003,613 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/03/08 21:00:30 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/08 18:00:48 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/08 12:32:37 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/07 08:03:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/03/07 08:02:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/07 07:53:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/03/07 07:53:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/03/06 22:33:12 | 004,718,592 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/03/06 22:33:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/03/06 22:33:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/03/06 22:20:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/11 12:27:30 | 000,000,446 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2012/03/10 16:30:20 | 000,004,234 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120310_153017.reg
[2012/03/10 15:22:53 | 000,370,124 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120310_142246.reg
[2012/03/10 14:45:00 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/09 17:47:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/09 17:47:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/09 17:47:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/09 17:47:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/09 17:47:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/08 15:09:14 | 000,003,613 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/03/08 12:36:03 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/07 08:03:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/03/07 08:02:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/07 08:00:41 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/03/07 07:53:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/03/07 07:53:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/03/06 23:43:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/03/06 23:43:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/03/06 23:43:16 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/03/06 22:32:13 | 004,718,592 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/03/06 22:32:13 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/03/06 22:32:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/03/06 13:09:52 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/20 17:56:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#20 Helplesswonder

Posted 11 March 2012 - 04:31 PM

I see that I did not have the Extra box checked, here is the extra log:


OTL Extras logfile created on: 3/11/2012 5:13:08 PM - Run 3
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 59.59% Memory free
5.13 Gb Paging File | 4.04 Gb Available in Paging File | 78.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.45 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
Drive D: | 129.95 Gb Total Space | 110.05 Gb Free Space | 84.69% Space Free | Partition Type: NTFS

Computer Name: UNC-L3A8368 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-943858465-1166881987-3745741496-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EDF0DF-E44F-49E2-925B-BEB35D33739E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A310A9F-C7E4-497D-B11F-725174C24D8B}" = lport=49184 | protocol=6 | dir=in | name=akamai netsession interface |
"{2B8C8AF6-504E-493C-B499-B07961E688FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{38B713DF-FA54-4BF2-A7BC-90CAB2940D04}" = rport=137 | protocol=17 | dir=out | app=system |
"{4EEC0614-5648-4DA3-8681-DFAB62405F16}" = lport=7001 | protocol=17 | dir=in | name=afs cachemanager callback (udp) |
"{51BDF62E-5EC2-4FD3-8675-C2C3A6FFAB63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58803614-1DFB-4DFC-948E-738DD438A5A7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60E2E6D4-1B1B-4B65-A844-7761556F48C8}" = lport=7001 | protocol=6 | dir=in | name=afs cachemanager callback (tcp) |
"{7A90FAFD-1FB8-4F9B-B6E4-09E1CCB557DD}" = lport=445 | protocol=6 | dir=in | app=system |
"{81111B50-2491-4949-9FB3-73A17386A75A}" = rport=139 | protocol=6 | dir=out | app=system |
"{84090BC8-34F9-4798-8D0B-A36579C828F2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A62E599A-568D-4C07-B0A2-0B8DC0249119}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B4CA4685-0D06-4D96-98BC-4666EA322948}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B686F6CA-B858-40E1-9076-7F477AD90AFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BA89E7A2-03CD-436E-8ECB-3BE36935B434}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BB0822B9-A518-4588-8C54-83DB9CBB625B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF875C0E-B717-4FDA-9CEC-A4EF2A8E9219}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1892039-D3B0-4B20-98DF-3C9B6FE23E69}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3E910F6-92EC-4EBD-B33D-A760BBB07205}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4B6AF94-3C27-42FF-B740-84DB46DBECFA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4F257EB-2DC9-4E52-838A-D5BAEE2A11A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D264E15F-9DA3-4DD5-8710-8A4811F647AC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D28AE4E4-C8DF-4672-8267-70564F3A44AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3846D6A-9B34-4A0F-8FD2-64C5E2C6C5A3}" = rport=445 | protocol=6 | dir=out | app=system |
"{DBB5D7A9-EAA7-4874-B948-B8C773F756B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE4D6701-3F5F-4FFA-9E9E-7CF6A7EF41BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E076C182-1DF4-41E4-98AF-05738DCC9AD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1C50404-CD7C-4573-AE1E-C52D5CF5E857}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3204C40-F1D8-4483-A9FB-2A96AF056A65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7C8D4B8-FE05-4B28-95AF-FF4B7ADAFC27}" = lport=2967 | protocol=6 | dir=in | name=symantec antivirus managed client (2967:tcp) |
"{FCCF25F7-E64C-49DB-B68B-E9B524148C4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDCEA647-9353-4EC8-BD62-57B9BE3EEDBE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BC2AE1-6AC4-4F24-A773-FB646A3F61C0}" = protocol=58 | dir=out | name=core networking - time exceeded (icmpv6-out) |
"{092990BA-3AD5-4721-AABB-C372F0E74500}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C338F4F-512F-45AA-88FC-8E7A33E081AB}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\roaming\spotify\spotify.exe |
"{10685058-4ABB-4B99-BDDD-F99FACB69D52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BDC7ADF-89FE-4D71-A2FE-CB08A65E4D7E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C93FBFF-1302-46FE-B387-06E5DC3AF8B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D7E9D2B-84D0-41F7-AD4C-3239EF5E44E3}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\roaming\spotify\spotify.exe |
"{25A75C48-7184-414D-9FAC-5E7AEAC780F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-26079 |
"{2CDCBDFE-70D3-4556-BA06-88A502863CF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38D6B939-CF05-4D79-BDA0-6801F471BCDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B63C70B-CED4-42A3-96CD-17A72CC52BD2}" = protocol=58 | dir=out | name=core networking - parameter problem (icmpv6-out) |
"{422756A5-5CD5-4567-B239-F2EB805C8C22}" = protocol=58 | dir=in | name=@firewallapi.dll,-26078 |
"{43282351-628D-40E5-AD38-7E4BF304B30F}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4B976A8C-584D-4269-AEBD-FB6F23BF8EC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4BFA93FB-ECBF-4450-9DF6-005689251711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5019479C-3E75-435A-9471-6D89BB8B64F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-26043 |
"{55C4C8E7-3F00-4D85-9B36-CCA136928A56}" = protocol=1 | dir=out | name=@firewallapi.dll,-26009 |
"{55ED62BD-2BE4-4E8C-A2E2-2C3D4F8F9432}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66EAB485-E9BA-4CDF-BBAB-C0A5E3CE286A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6BE2F405-6DD0-47E8-84BE-80BDAB9A9A92}" = protocol=1 | dir=out | name=@firewallapi.dll,-26058 |
"{6E120B79-41CA-4380-B24B-C031DC729AAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6E3EDF23-E3FC-42D0-A7B6-99326BDB3693}" = protocol=6 | dir=in | app=c:\windows\system32\dlbucoms.exe |
"{73968552-673A-4A57-B1C7-CA9E3F18927A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{78C4AEFA-0CFD-4E63-AC53-5248B1D1752A}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7C6A236D-E2FF-4B6D-A2D0-42FC6AB95AAF}" = protocol=17 | dir=in | app=c:\windows\system32\dlbucoms.exe |
"{85FB45D3-C2B1-427E-86EB-AF5490A33F99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87776A88-1A42-4A20-B7E9-1505335DF5F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{899D3530-5138-40E6-9DEF-BACD427B9CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{907FE3F0-5DE9-4213-90E2-7B9456113A80}" = protocol=1 | dir=in | name=@firewallapi.dll,-26137 |
"{92D50D4D-F935-44BD-8A37-3351F0F086CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A372ABA-360F-4D1E-972F-F085E15C1FED}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\local\akamai\netsession_win.exe |
"{9B0E6228-BF39-45D1-A252-18753A9191CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0B4695B-1D77-4A81-8BFE-2C442A8E629C}" = protocol=6 | dir=out | app=system |
"{A81A81C6-39CE-4F48-B233-520E20720482}" = protocol=1 | dir=in | name=@firewallapi.dll,-26022 |
"{A9D6F93B-AB57-475C-B7DD-6F9BE862A759}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AE2CB1F5-6D2E-4DE9-BEF8-82479E3EF0BE}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B93E28D7-28C5-4F1E-A331-0A89DBDD3AFD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BCCC2E3F-6CBA-4022-97E5-596D9334CD2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-26023 |
"{CB55DC56-5EBA-49DA-8774-67BA8A5AA646}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 |
"{CE82F308-3F19-488A-82EF-B9B50F4CC618}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D197B070-F556-4A38-9A2B-C34C9FA6FF68}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7D61832-35A3-48A1-80F1-ED6EA33FC37D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D82B2357-FD07-4E3D-B2B1-5B9750E45A7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-26134 |
"{DC28DAB0-FF02-457D-B3DB-53600D9C0278}" = protocol=58 | dir=out | name=@firewallapi.dll,-25111 |
"{DDFB66FA-99EB-487D-B0CB-E31D4A5C691B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE56677B-98E7-4206-96F3-26939AD6075F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DE71BA1B-127A-40E9-8565-7FE039151EFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF2AFD45-BA2C-4AF5-99B0-BA8F7F59C561}" = protocol=1 | dir=out | name=@firewallapi.dll,-26037 |
"{E0B0FBB8-BF1D-4E53-92B3-29621611655A}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 |
"{E5A1830C-BC63-4C99-9ED3-182065B4B12A}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\local\akamai\netsession_win.exe |
"{EB884874-7666-4F12-8838-0E465C022EFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ECC11AE3-6244-40A1-BD19-164416995BCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F30EE737-6E72-4081-B990-2A748EAF486C}" = protocol=1 | dir=out | name=@firewallapi.dll,-26016 |
"TCP Query User{0CF950F9-0B7C-47F1-8107-08865C199C5E}C:\program files\starnet\x-win32 2011\esd.exe" = protocol=6 | dir=in | app=c:\program files\starnet\x-win32 2011\esd.exe |
"TCP Query User{634525BE-26A4-476D-88A0-59D8DE8E08A3}C:\program files\sas\sasfoundation\9.2\sas.exe" = protocol=6 | dir=in | app=c:\program files\sas\sasfoundation\9.2\sas.exe |
"TCP Query User{9683188F-46EB-41E1-B42B-61545D06637F}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |
"TCP Query User{D7F9E301-AAE2-4815-98A7-62975DF85850}C:\program files\starnet\x-win32 2011\xwin32.exe" = protocol=6 | dir=in | app=c:\program files\starnet\x-win32 2011\xwin32.exe |
"TCP Query User{F9F03825-FA04-47FF-9EEE-F42FC239B70E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |
"UDP Query User{03BAC0A8-1606-4238-80E7-132D362B6E47}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |
"UDP Query User{1EE6E9B5-8CFE-4CEA-A50D-A6F64B7E180B}C:\program files\starnet\x-win32 2011\xwin32.exe" = protocol=17 | dir=in | app=c:\program files\starnet\x-win32 2011\xwin32.exe |
"UDP Query User{877D5CDD-2AF3-4DD4-B2F8-4CABFC5731F9}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |
"UDP Query User{8C4873D0-9858-4D63-B0C9-B4B13E737DC7}C:\program files\starnet\x-win32 2011\esd.exe" = protocol=17 | dir=in | app=c:\program files\starnet\x-win32 2011\esd.exe |
"UDP Query User{FAE918A4-F08E-4F15-BBF6-E562AB48DE2E}C:\program files\sas\sasfoundation\9.2\sas.exe" = protocol=17 | dir=in | app=c:\program files\sas\sasfoundation\9.2\sas.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0003BC6C-355A-DDCF-56D2-4C826A371237}" = ccc-core-static
"{026746B0-B68C-498E-9174-906F0DB9A66E}" = X-Win32 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1351F191-3629-64FF-44C4-08510DC2A8C9}" = CCC Help Korean
"{156DCF5B-BC94-66ED-9A19-C8F00D1D35D4}" = Catalyst Control Center Localization Portuguese
"{169EC721-66BD-5CF8-3876-9E50E42B9B52}" = PX Profile Update
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1DB58ADA-A8B6-31E5-DEED-38664AA764CE}" = CCC Help Swedish
"{20CD28E9-293F-4C27-9905-FA1991A00F8F}" = Lenovo Fingerprint Software
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{21D19A30-31FB-0B59-31A2-006D3E82FF5C}" = CCC Help German
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2E355C9C-8860-0D7A-6FB4-1F02A655AF1B}" = CCC Help Italian
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{344DEEDF-D169-4DE0-A285-E66850E9585A}" = VitalSource Bookshelf
"{34E264CD-CEF9-1E2A-2B1F-C71AE2D4479D}" = Catalyst Control Center Localization German
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN
"{373B3836-1B22-9A5A-6162-3224B6E60B89}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E876EF6-3E12-FA91-012E-812D38030A44}" = Catalyst Control Center InstallProxy
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4269577A-ECD6-3EFA-945B-4979AE4630D2}" = Catalyst Control Center Localization Italian
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" = Oracle Calendar
"{5317612E-3294-CE6E-C7B0-9808627BB7D5}" = Catalyst Control Center Localization Chinese Standard
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = Integrated Camera Driver Installer Package Ver.1.23.500.0
"{5BDC87AE-3181-BFDE-AE76-8D6152D8FE8C}" = CCC Help Portuguese
"{5BFDB365-AB82-9989-A06B-B93B287B1F35}" = CCC Help Dutch
"{6238EF3B-48E2-06B8-916E-D07ED79A3BE2}" = Catalyst Control Center Graphics Previews Vista
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{64211D43-D195-413C-A7E7-666C10B53E1F}" = Ericsson Wireless Module Core
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777E4A84-AC43-3F07-9534-114F3356AAF3}" = Catalyst Control Center Localization Korean
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{793510E7-98E3-2113-DAB5-ED244DF365CF}" = Catalyst Control Center Localization Spanish
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{83EB2646-B79F-D31C-C961-D26B10C05185}" = CCC Help French
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{875E7F75-8119-DE1A-E327-684BCD710FD1}" = Catalyst Control Center Localization Dutch
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCD7536-93EF-2282-3CD2-05FC1F39FCEB}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93C8BDB1-2BD3-694B-725C-486C027F3144}" = CCC Help Japanese
"{94BFB7AD-EE7B-9A93-3C37-E881EDE0BA6E}" = Catalyst Control Center Localization Japanese
"{956A4FEB-D69B-6334-A4EE-DB16334E6D50}" = Skins
"{989DC5D9-A776-430D-9E16-D36E5B81CD86}" = USB Enhanced Performance Keyboard Software
"{9B81FE1C-E79A-1627-BCB0-946D951CBB36}" = Catalyst Control Center Core Implementation
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A14CDDB0-B238-B74E-C8E3-BF6F65792D75}" = CCC Help Chinese Standard
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A59EBED3-A75D-5516-9A7B-8D9077642C32}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC6A0FD9-0BCA-034A-F153-A66B795B2854}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel® PROSet/Wireless WiFi Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C25BAC9C-5559-A160-52E3-A8CF95CD87CF}" = CCC Help Spanish
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C9B97D35-69CF-4F96-69D5-29ADB78335D3}" = Catalyst Control Center Localization Swedish
"{CAABE288-14DA-F6B6-9F0D-BD51E81C65CF}" = ccc-utility
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BF3916-EE21-8C87-3C46-C981BB67D4F5}" = Catalyst Control Center Graphics Full New
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB97FEB4-5814-4938-94F0-EEB00D617BA8}" = OpenAFS for Windows
"{DD4E816C-BAC8-801C-6BAA-4724D886741C}" = Catalyst Control Center Graphics Light
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F61F08C1-44F6-A637-83A6-F6FC3733F586}" = Catalyst Control Center Localization Chinese Traditional
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2
"{FC7BB79A-DC14-A4F2-9B2D-F57BAE868AD4}" = CCC Help English
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"7B99AFC70F5AE68199F67385AEF7E294D24B30D9" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (08/08/2008 8.1.2.10)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3
"doPDF 6 printer_is1" = doPDF 6.1 printer
"e7b5d423e2fcc19f6c91a3c2b5238c8a" = SAS Private JRE (J2SE™ Java Runtime Environment 1.4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2
"Google Chrome" = Google Chrome
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mulberry" = Mulberry
"OnScreenDisplay" = On Screen Display
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Write-N-Cite" = Write-N-Cite

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



