GeekPolice
Total Vista Security and Antivirus Plus are killing me!

Hi there,
I have the Total Vista Security and Antivirus Plus viruses on my computer and have tried a couple of things but am perplexed. I cannot open Malwarebytes (in fact, the virus made it so that the shortcuts don't work; I have to go into Windows Explorer to even try, and then clicking on the .exe just launches Total Vista Security or the fake security center. Renaming the folder or the executable doesn't help.)

Also, I can't open regedit (it says admin has disallowed it, or something). Additionally, when I click on links from Google, it usually reroutes me to a fake site on the first couple of attempts, and then allows me through on the third or so attempt, though I receive a "connection problem" when I try to navigate to malwarebytes.org or their forum. I can't even attempt to use Firefox, as it closes the window before it even loads. I was able to download and reinstall Malwarebytes from CNET if I run the installer as admin, but again I can't actually run Malwarebytes.

I tried to remove Antivirus Plus already (deleting rundll32.exe from the system folder [not from system32!]), but it's still here. I'm able to run Windows in safe mode, which is what I'm doing now. Also, I already installed TFC and cleaned up the temp folder, though of course the virus still persists.

The Total Vista Security process is named ave.exe, though there are a host of others which may be associated with Antivirus Plus.

Just so you know, I'm somewhat proficient with computers (I can follow directions OK), though I am certainly not an expert.

Thanks in advance for your help!


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:17 PM, on 3/24/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\John\AppData\Local\Temp\taskmgr.exe
C:\Users\John\AppData\Local\Temp\notepad.exe
C:\Users\John\AppData\Local\Temp\services.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\John\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\uyjudh0bkp.dll - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\system32\uyjudh0bkp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kidewukaru] Rundll32.exe "yamisepa.dll",s
O4 - HKLM\..\Run: [wufayaveh] Rundll32.exe "c:\windows\system32\lihawefi.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\John\AppData\Local\Temp\services.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E3B2019-77C9-4D42-8522-29A5B1C06AB8}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{369FEAF2-E70E-41B4-A396-B884A3CD40E8}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{75727B11-D5B7-4D68-9E4D-E2D0081E57CD}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{C27DFF37-3230-462A-95BA-3103406A36CD}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E3B2019-77C9-4D42-8522-29A5B1C06AB8}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E3B2019-77C9-4D42-8522-29A5B1C06AB8}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O20 - AppInit_DLLs: c:\windows\system32\lihawefi.dll,mupigijo.dll
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll
O21 - SSODL: kulofiwiv - {8bf43728-1c39-40de-bca6-eb599b0be168} - c:\windows\system32\lihawefi.dll
O22 - SharedTaskScheduler: jsg9dgjisdogje94guiofjgd - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\system32\uyjudh0bkp.dll
O22 - SharedTaskScheduler: kupuhivus - {8bf43728-1c39-40de-bca6-eb599b0be168} - c:\windows\system32\lihawefi.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COMServer - Unknown owner - C:\Windows\system32\msapps\comsrvr.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_service.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13757 bytes
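As an added example (not code from this thread and not a HijackThis feature), the following Python triage pass runs over an excerpt of the log above and flags the patterns a responder would look at first: processes and Run keys launched from the Temp folder, system binary names outside %SystemRoot%, the DisableRegedit policy, the O17 NameServer override, AppInit_DLLs, and DLLs referenced from more than one load point. The rule set and the SYSTEM_STEMS list are assumptions, not an official checklist.

```python
"""Triage a HijackThis log for the persistence patterns visible in the thread above."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the OP's HijackThis log.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\John\AppData\Local\Temp\taskmgr.exe
C:\Users\John\AppData\Local\Temp\services.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\John\Desktop\winlogon.scr

O2 - BHO: C:\Windows\system32\uyjudh0bkp.dll - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\system32\uyjudh0bkp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [wufayaveh] Rundll32.exe "c:\windows\system32\lihawefi.dll",a
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\John\AppData\Local\Temp\services.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E3B2019-77C9-4D42-8522-29A5B1C06AB8}: NameServer = 93.188.165.28,93.188.161.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O20 - AppInit_DLLs: c:\windows\system32\lihawefi.dll,mupigijo.dll
O21 - SSODL: kulofiwiv - {8bf43728-1c39-40de-bca6-eb599b0be168} - c:\windows\system32\lihawefi.dll
O22 - SharedTaskScheduler: jsg9dgjisdogje94guiofjgd - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\system32\uyjudh0bkp.dll
"""

TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.I)
DLL_RE = re.compile(r'([^\\\s",]+\.dll)', re.I)
NS_RE = re.compile(r"NameServer = ([\d.,]+)")
# Binaries that legitimately live only under %SystemRoot%; a copy elsewhere is
# a name chosen to blend in. Assumed list, extend as needed.
SYSTEM_STEMS = {"taskmgr", "services", "winlogon", "notepad", "cmd", "csrss",
                "lsass", "svchost", "explorer"}
# HijackThis sections that describe a DLL load point.
DLL_LOADPOINTS = {"O2", "O4", "O20", "O21", "O22"}


def triage(log: str) -> dict:
    """Return {finding_type: [evidence, ...]} for the patterns described above."""
    findings = defaultdict(list)
    dll_loadpoints = defaultdict(set)   # dll basename -> section tags it appears in
    nameservers = set()
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:                 # a blank line ends the process list
                in_procs = False
                continue
            low = line.lower()
            stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if TEMP_RE.search(low):
                findings["process_from_temp"].append(line)
            elif stem in SYSTEM_STEMS and not low.startswith("c:\\windows\\"):
                findings["system_name_outside_windows"].append(line)
            continue
        tag = line.split(" ", 1)[0]
        if not re.fullmatch(r"O\d+", tag):
            continue
        if tag in DLL_LOADPOINTS:
            for dll in DLL_RE.findall(line):
                dll_loadpoints[dll.lower()].add(tag)
        if tag == "O2":
            # A BHO whose display name is just its own path has no product behind it.
            parts = line.split(" - ")
            if parts[1][len("BHO: "):].lower() == parts[-1].lower():
                findings["unnamed_bho"].append(line)
        elif tag == "O4" and TEMP_RE.search(line):
            findings["run_key_from_temp"].append(line)
        elif tag == "O7" and "DisableRegedit=1" in line:
            findings["regedit_disabled"].append(line)
        elif tag == "O17":
            m = NS_RE.search(line)
            if m:
                nameservers.update(m.group(1).split(","))
        elif tag == "O20":
            value = line.split(":", 1)[1].strip()
            if value:
                findings["appinit_dlls"] = [d.lower() for d in DLL_RE.findall(value)]
    if nameservers:
        findings["nameserver_override"] = sorted(nameservers)
    # The same DLL wired into several load points is a strong persistence signal.
    for dll, tags in sorted(dll_loadpoints.items()):
        if len(tags) >= 2:
            findings["dll_multiple_loadpoints"].append((dll, sorted(tags)))
    return dict(findings)


if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_LOG).items():
        print(f"== {kind}")
        for item in evidence:
            print("  ", item)
```

The O17 finding only says that every adapter points at the same non-ISP resolvers; which resolvers are legitimate is something the responder has to confirm against the user's network.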

Re: Total Vista Security and Antivirus Plus are killing me!
Hi

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.

Re: Total Vista Security and Antivirus Plus are killing me!
Thanks for the quick response!

Here's the result:
OTL.txt (part 1)

OTL logfile created on: 3/24/2010 1:58:11 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 7.37 Gb Free Space | 5.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.81 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: MINI-JOHN
Current User Name: John
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/24 13:56:40 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\mdm.exe
PRC - [2010/03/24 13:56:40 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\cmd.exe
PRC - [2010/03/24 13:56:39 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\winamp.exe
PRC - [2010/03/24 13:56:38 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\winlogon.exe
PRC - [2010/03/24 13:56:38 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\win16.exe
PRC - [2010/03/24 13:39:57 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2010/03/24 12:05:31 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\services.exe
PRC - [2010/03/24 12:05:31 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\notepad.exe
PRC - [2010/03/24 12:05:30 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\taskmgr.exe
PRC - [2010/03/24 03:05:29 | 000,203,776 | -HS- | M] () -- C:\Users\John\AppData\Local\ave.exe
PRC - [2009/07/04 02:06:14 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 11:27:24 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/20 11:27:20 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/03/20 11:27:20 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/20 11:27:20 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\lihawefi.dll
MOD - [2010/03/24 13:39:57 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2010/03/24 03:06:13 | 000,020,000 | ---- | M] () -- C:\Windows\System32\uyjudh0bkp.dll
MOD - [2008/01/20 19:24:42 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008/01/20 19:24:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/24 03:06:28 | 000,012,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\msapps\comsrvr.exe -- (COMServer)
SRV - [2010/01/06 04:12:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 04:12:00 | 000,075,112 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/12/10 22:59:40 | 000,251,240 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/12/10 22:59:38 | 000,124,264 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/07/14 12:40:34 | 000,077,112 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/04/02 06:35:20 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/03/30 04:08:14 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/20 11:27:24 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/20 11:27:24 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/20 11:27:22 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/03/20 11:27:20 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/20 11:27:20 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/19 04:53:02 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 04:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 04:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/03/19 03:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/03/04 21:57:08 | 000,779,576 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2009/03/04 21:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 07:52:54 | 000,211,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/20 14:01:40 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/02/11 20:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/11 20:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/09 02:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 16:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/24 16:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/24 16:17:54 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 19:24:13 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Stopped] -- C:\Windows\System32\Iasex.dll -- (Ias)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Running] -- -- (pxscan)
DRV - File not found [Kernel | On_Demand | Running] -- -- (pxkbf)
DRV - [2010/01/06 04:12:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/01/06 04:12:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/10/29 11:52:26 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091029.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/10/29 11:52:26 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091029.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/29 11:52:25 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 12:22:26 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 13:15:07 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/04 02:51:32 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/07/04 01:56:36 | 000,018,184 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/04 01:56:36 | 000,017,160 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/04 01:56:36 | 000,015,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/06/02 01:20:20 | 000,458,752 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/04/01 14:52:06 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/04/01 13:18:54 | 000,088,576 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/04/01 13:04:30 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/03/27 04:06:20 | 000,221,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/03/20 11:27:24 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/20 11:27:24 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/20 11:27:24 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/03/20 11:27:16 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/20 11:27:16 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/03/20 11:27:16 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/03/20 11:27:14 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/03/19 21:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/03/19 03:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/03/04 10:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/02/26 21:37:24 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/02/26 21:37:22 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/02/26 21:37:20 | 000,109,608 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/02/26 21:37:20 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/02/19 03:06:18 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/18 06:08:26 | 000,030,768 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/18 06:08:26 | 000,030,768 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/11 01:11:50 | 000,329,752 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/01/28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/04 21:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/11/25 17:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/09/25 00:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/07/10 19:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 02:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/25 21:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/03/24 23:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/24 23:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/24 23:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 02:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 19:24:13 | 000,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\seagate.sys -- (seagate)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 19:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 18:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: mp4downloader@jeff.net:1.2.10
FF - prefs.js..extensions.enabledItems: savefileto@mozdev.org:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 12:20:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 12:20:01 | 000,000,000 | ---D | M]

[2009/07/06 13:59:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/03/24 10:45:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions
[2009/07/18 09:10:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 10:45:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/07 01:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010/02/01 19:18:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/01 19:18:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\mp4downloader@jeff.net
[2010/02/01 19:18:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\savefileto@mozdev.org
[2009/07/07 00:56:35 | 000,000,939 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\searchplugins\dictionary.xml
[2009/07/07 00:57:23 | 000,001,512 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\searchplugins\imdb.xml
[2009/07/07 01:07:32 | 000,004,153 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\searchplugins\youtube.xml
[2009/07/06 12:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (C:\Windows\system32\uyjudh0bkp.dll) - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\System32\uyjudh0bkp.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\actray.exe ()
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\acwlicon.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\ezejmnap.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe ()
O4 - HKLM..\Run: [kidewukaru] C:\Windows\System32\yamisepa.dll ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe ()
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\lpmlchk.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\lpmgr.exe ()
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\program files\quicktime\qttask .exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\tposdsvc.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe ()
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\tpshocks.exe ()
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wufayaveh] C:\Windows\System32\lihawefi.DLL ()
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\John\AppData\Local\Temp\services.exe ()
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O20 - AppInit_DLLs: (c:\windows\system32\lihawefi.dll) - C:\Windows\System32\lihawefi.dll ()
O20 - AppInit_DLLs: (mupigijo.dll) - C:\Windows\System32\mupigijo.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: kulofiwiv - {8bf43728-1c39-40de-bca6-eb599b0be168} - C:\Windows\System32\lihawefi.dll ()
O22 - SharedTaskScheduler: {8bf43728-1c39-40de-bca6-eb599b0be168} - kupuhivus - C:\Windows\System32\lihawefi.dll ()
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - jsg9dgjisdogje94guiofjgd - C:\Windows\System32\uyjudh0bkp.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 09:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 15:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{15430357-6871-11de-a6ea-002268101c91}\Shell - "" = AutoRun
O33 - MountPoints2\{15430357-6871-11de-a6ea-002268101c91}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 15:37:58 | 000,180,224 | -HS- | M] ()
O33 - MountPoints2\{b4174841-687a-11de-881f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4174841-687a-11de-881f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 09:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\John\AppData\Local\ave.exe" /START "%1" %* ()

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll ()
NetSvcs: Ias - C:\Windows\System32\Iasex.dll ()
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiVirus Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AntiVirus Plus.lnk - - File not found
MsConfig - StartUpReg: AdobeUpdater6 - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AntiVirus Plus - hkey= - key= - File not found
MsConfig - StartUpReg: hsa8ffushf83hoigjhs98jgijg9sd8e - hkey= - key= - C:\Users\John\appdata\local\temp\w51he5h6lc .exe File not found
MsConfig - StartUpReg: hsf87efjhdsf87f3jfsdi7fhsujfd - hkey= - key= - C:\Users\John\AppData\Local\Temp\win32.exe File not found
MsConfig - StartUpReg: IntelWireless - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe ()
MsConfig - StartUpReg: kidewukaru - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe ()
MsConfig - StartUpReg: WordPerfect Office 1215 - hkey= - key= - C:\program files\wordperfect office 12\programs\registration .exe ()
MsConfig - StartUpReg: wufayaveh - hkey= - key= - File not found
MsConfig - StartUpReg: YVIBBBHA8C - hkey= - key= - C:\Users\John\appdata\local\temp\pdp .exe File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!

Re: Total Vista Security and Antivirus Plus are killing me!

OTL.exe (Part 2)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 13:39:52 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/03/24 12:28:45 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\John\Desktop\winlogon.scr
[2010/03/24 11:52:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2010/03/24 11:25:55 | 000,053,160 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll-904587
[2010/03/24 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mbytes
[2010/03/24 10:47:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/24 10:47:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/24 10:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/24 10:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/24 10:44:22 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\John\Desktop\ccsetup229.exe
[2010/03/24 10:22:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/24 09:53:59 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2010/03/24 07:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/24 03:06:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\msapps
[2010/03/10 14:29:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/24 00:55:54 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 00:55:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 00:54:42 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 00:54:41 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 00:54:40 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 00:54:40 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 00:54:40 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 00:54:40 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 00:54:37 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 00:54:37 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 00:54:37 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 03:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/07/04 02:28:34 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/07/04 02:28:34 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,193,024 | -HS- | M] () -- C:\Windows\System32\kahijoye.exe
[2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\lihawefi.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\yamisepa.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\pebehiti.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\mupigijo.dll
[2099/01/01 12:00:00 | 000,048,640 | -HS- | M] () -- C:\Windows\System32\jelasisa.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\halulohi.dll
[2010/03/24 13:59:32 | 002,359,296 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2010/03/24 13:59:19 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\ayemgy.sys
[2010/03/24 13:59:15 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\vutolete
[2010/03/24 13:53:05 | 000,010,880 | -HS- | M] () -- C:\Users\John\AppData\Local\Mh3jm32txN
[2010/03/24 13:53:05 | 000,010,880 | -HS- | M] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 13:39:57 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/03/24 13:04:24 | 000,002,032 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2010/03/24 12:28:53 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\John\Desktop\winlogon.scr
[2010/03/24 12:19:38 | 000,203,776 | -HS- | M] () -- C:\Users\John\AppData\Local\128822158.dll
[2010/03/24 12:17:39 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 12:17:39 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 12:17:39 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 11:58:46 | 000,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/24 11:58:46 | 000,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/24 11:58:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 11:53:35 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2010/03/24 11:25:55 | 000,053,160 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll-904587
[2010/03/24 11:25:26 | 000,000,153 | ---- | M] () -- C:\Windows\wininit.ini
[2010/03/24 10:47:38 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 10:45:20 | 000,001,680 | ---- | M] () -- C:\Users\John\Desktop\CCleaner.lnk
[2010/03/24 10:44:37 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\John\Desktop\ccsetup229.exe
[2010/03/24 10:28:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/24 10:28:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/03/24 10:28:19 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/03/24 10:28:19 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/03/24 10:28:19 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/03/24 10:28:19 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/03/24 10:28:17 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/03/24 10:28:17 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/03/24 10:28:17 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/03/24 10:28:16 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/03/24 10:28:16 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/03/24 10:28:16 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/03/24 10:28:16 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/03/24 10:28:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/03/24 10:28:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/03/24 10:28:14 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/03/24 10:28:14 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/03/24 10:28:14 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/03/24 10:28:13 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/03/24 10:28:11 | 000,000,288 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/24 10:27:38 | 000,001,024 | ---- | M] () -- C:\Users\John\.rnd
[2010/03/24 10:26:48 | 000,027,648 | ---- | M] () -- C:\Windows\System32\tpshocks.exe
[2010/03/24 10:26:30 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/24 10:25:16 | 000,038,512 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2010/03/24 10:25:16 | 000,021,352 | ---- | M] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2010/03/24 10:24:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 10:23:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 10:23:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 10:14:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/24 10:01:51 | 000,027,648 | ---- | M] () -- C:\Windows\tsnp2uvc.exe.delme221
[2010/03/24 10:00:49 | 000,004,286 | ---- | M] () -- C:\Users\John\AppData\Roaming\avp.ico
[2010/03/24 09:54:08 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2010/03/24 09:48:24 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003UA.job
[2010/03/24 09:34:13 | 000,036,864 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/24 09:11:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/03/24 05:25:25 | 000,000,186 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/03/24 03:10:54 | 000,094,208 | ---- | M] () -- C:\Windows\System32\app_dll.dll
[2010/03/24 03:06:13 | 000,020,000 | ---- | M] () -- C:\Windows\System32\uyjudh0bkp.dll
[2010/03/24 03:05:29 | 000,203,776 | -HS- | M] () -- C:\Users\John\AppData\Local\ave.exe
[2010/03/24 00:02:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/03/23 17:48:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003Core.job
[2010/03/23 15:23:44 | 000,001,796 | -H-- | M] () -- C:\Users\John\Documents\Default.rdp
[2010/03/19 12:54:19 | 000,000,393 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2010/03/19 12:39:32 | 000,040,625 | ---- | M] () -- C:\Users\John\Desktop\OH Agenda 2010.pdf
[2010/03/18 17:00:01 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/03/16 17:29:53 | 000,360,200 | ---- | M] () -- C:\Users\John\Desktop\58-550.pdf
[2010/03/10 02:31:24 | 000,055,643 | ---- | M] () -- C:\Users\John\Desktop\128744482572903421.jpg
[2010/03/10 02:29:41 | 000,058,293 | ---- | M] () -- C:\Users\John\Desktop\skeptical-cat.jpg
[2010/03/09 03:12:03 | 000,038,134 | ---- | M] () -- C:\Users\John\Documents\Feb 22 - Mar 7.wpd
[2010/03/09 02:11:20 | 000,135,128 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/09 02:11:13 | 000,003,577 | ---- | M] () -- C:\Users\Public\Documents\AcIpConfig.dat
[2010/03/09 02:07:55 | 000,458,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/09 01:38:59 | 000,037,456 | ---- | M] () -- C:\Users\John\Documents\Feb 8 - Feb 21.wpd
[2010/02/24 14:19:32 | 000,031,780 | ---- | M] () -- C:\Users\John\Desktop\Governmental Flow Chart.gif
[2010/02/23 04:01:45 | 000,009,702 | -HS- | M] () -- C:\Users\John\AppData\Local\J50l1AiqIvJy
[2010/02/23 03:04:26 | 000,000,285 | ---- | M] () -- C:\Users\John\Desktop\exefix.reg
[2010/02/23 02:25:20 | 000,182,272 | -HS- | M] () -- C:\Users\John\AppData\Local\av.exe

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,193,024 | -HS- | C] () -- C:\Windows\System32\kahijoye.exe
[2099/01/01 12:00:00 | 000,095,744 | -HS- | C] () -- C:\Windows\System32\lihawefi.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\yamisepa.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\pebehiti.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\mupigijo.dll
[2099/01/01 12:00:00 | 000,048,640 | -HS- | C] () -- C:\Windows\System32\jelasisa.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\halulohi.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\vutolete
[2010/03/24 10:47:38 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 10:45:20 | 000,001,680 | ---- | C] () -- C:\Users\John\Desktop\CCleaner.lnk
[2010/03/24 10:28:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/03/24 10:28:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/03/24 10:28:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/03/24 10:28:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/03/24 10:28:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/03/24 10:28:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/03/24 10:28:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/03/24 10:28:13 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/03/24 10:03:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/03/24 10:03:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/03/24 10:03:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/03/24 10:03:04 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/03/24 10:03:04 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/03/24 09:35:29 | 000,203,776 | -HS- | C] () -- C:\Users\John\AppData\Local\128822158.dll
[2010/03/24 09:23:10 | 000,001,024 | ---- | C] () -- C:\Users\John\.rnd
[2010/03/24 09:18:20 | 000,038,512 | ---- | C] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2010/03/24 09:18:19 | 000,021,352 | ---- | C] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2010/03/24 03:14:13 | 000,004,286 | ---- | C] () -- C:\Users\John\AppData\Roaming\avp.ico
[2010/03/24 03:10:53 | 000,094,208 | ---- | C] () -- C:\Windows\System32\app_dll.dll
[2010/03/24 03:10:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/03/24 03:10:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/03/24 03:10:09 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/03/24 03:10:09 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/03/24 03:10:08 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/03/24 03:10:08 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/03/24 03:10:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/03/24 03:10:06 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/03/24 03:08:26 | 000,027,648 | ---- | C] () -- C:\Windows\tsnp2uvc.exe.delme221
[2010/03/24 03:06:12 | 000,020,000 | ---- | C] () -- C:\Windows\System32\uyjudh0bkp.dll
[2010/03/24 03:06:10 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\ayemgy.sys
[2010/03/24 03:05:31 | 000,010,880 | -HS- | C] () -- C:\Users\John\AppData\Local\Mh3jm32txN
[2010/03/24 03:05:31 | 000,010,880 | -HS- | C] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 03:05:29 | 000,203,776 | -HS- | C] () -- C:\Users\John\AppData\Local\ave.exe
[2010/03/24 01:42:59 | 000,000,288 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/24 01:42:56 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/19 12:39:32 | 000,040,625 | ---- | C] () -- C:\Users\John\Desktop\OH Agenda 2010.pdf
[2010/03/16 17:29:42 | 000,360,200 | ---- | C] () -- C:\Users\John\Desktop\58-550.pdf
[2010/03/10 02:31:22 | 000,055,643 | ---- | C] () -- C:\Users\John\Desktop\128744482572903421.jpg
[2010/03/10 02:29:37 | 000,058,293 | ---- | C] () -- C:\Users\John\Desktop\skeptical-cat.jpg
[2010/03/09 03:12:03 | 000,038,134 | ---- | C] () -- C:\Users\John\Documents\Feb 22 - Mar 7.wpd
[2010/02/24 14:19:30 | 000,031,780 | ---- | C] () -- C:\Users\John\Desktop\Governmental Flow Chart.gif
[2010/02/23 04:03:40 | 000,037,456 | ---- | C] () -- C:\Users\John\Documents\Feb 8 - Feb 21.wpd
[2010/02/23 03:03:56 | 000,000,285 | ---- | C] () -- C:\Users\John\Desktop\exefix.reg
[2010/02/23 02:25:21 | 000,009,702 | -HS- | C] () -- C:\Users\John\AppData\Local\J50l1AiqIvJy
[2010/02/23 02:25:20 | 000,182,272 | -HS- | C] () -- C:\Users\John\AppData\Local\av.exe
[2009/11/03 14:32:51 | 000,870,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\mcs.rma
[2009/11/03 14:32:51 | 000,000,004 | ---- | C] () -- C:\Users\John\AppData\Roaming\589080
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/28 14:44:30 | 000,000,186 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/07/14 14:25:53 | 000,061,678 | ---- | C] () -- C:\Users\John\AppData\Roaming\PFP120JPR.{PB
[2009/07/14 14:25:53 | 000,012,358 | ---- | C] () -- C:\Users\John\AppData\Roaming\PFP120JCM.{PB
[2009/07/14 13:24:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/09 15:30:33 | 000,002,032 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/07/07 01:15:01 | 000,036,864 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 02:43:03 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/07/04 02:43:03 | 000,000,153 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/04 02:40:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/07/04 02:40:49 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/07/04 02:40:49 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/07/04 02:40:49 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/07/04 02:40:49 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/07/04 02:40:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/07/04 02:29:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/04 02:28:34 | 001,754,368 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/07/04 02:28:34 | 000,028,800 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/07/04 02:28:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/07/04 01:55:18 | 000,329,752 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2008/01/20 19:24:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2008/01/20 19:24:13 | 000,002,304 | ---- | C] () -- C:\Windows\System32\seagate.sys
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/08/17 20:00:00 | 000,073,748 | -H-- | C] () -- C:\Windows\System32\Iasex.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/20 11:27:26 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\FwsVpn.dll
[2009/03/20 11:27:26 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\SymVPN.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/03/24 14:00:35 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\ayemgy.sys
[2009/02/11 01:11:50 | 000,329,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStor.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/03 14:30:36 | 000,000,323 | ---- | M] () -- C:\INSTALL.LOG
[2010/03/24 11:58:07 | 2956,009,472 | -HS- | M] () -- C:\pagefile.sys
[2009/07/04 02:25:59 | 000,000,086 | ---- | M] () -- C:\setup.log
[2009/07/04 03:08:57 | 000,001,072 | ---- | M] () -- C:\sysiclog.txt
[2009/07/06 14:44:08 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

< %PROGRAMFILES%\*. >
[2010/03/24 03:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/01 22:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/07/06 13:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/07/09 15:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2009/07/30 12:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/03/10 14:22:59 | 000,000,000 | ---D | M] -- C:\Program Files\Binary News Reaper
[2009/07/06 13:35:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/01/13 01:30:53 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/03/24 10:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/07/30 12:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2009/07/14 12:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/02/23 03:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/04 02:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/07/04 02:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/07/04 02:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/01/05 04:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/19 12:41:23 | 000,000,000 | ---D | M] -- C:\Program Files\EphPod
[2009/07/30 12:39:12 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/04 02:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/24 03:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/07/04 02:40:47 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/01/15 10:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/19 11:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\iPod To Computer Transfer
[2010/03/24 10:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/07/04 02:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/07/06 14:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2010/03/24 10:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Fingerprint Software
[2009/07/04 02:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Group Limited
[2009/07/04 02:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Registration
[2010/03/24 10:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/01 15:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mass Effect
[2010/02/01 22:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mass Effect 2
[2010/03/24 10:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mbytes
[2009/07/14 13:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/07/14 13:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/29 12:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/04 03:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/07/14 13:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/14 13:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/07/14 13:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/01/20 19:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/24 12:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/14 13:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/07/06 12:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/07/04 02:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/03/15 19:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor
[2010/03/24 10:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/10 14:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/07/04 02:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Icons for Lenovo
[2009/07/14 13:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/07/04 02:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/04 02:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2009/07/04 02:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkVantage
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/24 07:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/11/03 14:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\V CAST Music with Rhapsody
[2008/01/20 19:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/20 19:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/20 19:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/20 19:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/07/06 12:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2010/03/09 02:05:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/12/03 15:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/20 19:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/20 19:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/09/13 11:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/07/14 14:23:18 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/04 01:56:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=1DAD73FA38463227A4CB0B22DBB44F10 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_56890bc4\atapi.sys
[2009/07/04 01:56:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=1DAD73FA38463227A4CB0B22DBB44F10 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20846_none_dbb64a313d9be26a\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/07/04 01:56:36 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\System32\drivers\atapi.sys
[2009/07/04 01:56:36 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6be1d3ca\atapi.sys
[2009/07/04 01:56:36 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22303_none_ddc4c98f3aa4b4b9\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/07/04 01:56:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=D01C1DBE0A1E5AA679A9F5F323DB79B8 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4be07e13\atapi.sys
[2009/07/04 01:56:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=D01C1DBE0A1E5AA679A9F5F323DB79B8 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22191_none_dd6175e33aef8336\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\DRIVERS\other\IaStor.sys
[2009/02/11 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2009/02/11 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_9d4a7637\iaStor.sys
[2009/02/11 01:11:50 | 000,329,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-09 08:45:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Re: Total Vista Security and Antivirus Plus are killing me!
Extras.txt

OTL Extras logfile created on: 3/24/2010 1:42:33 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 7.38 Gb Free Space | 5.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.81 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: MINI-JOHN
Current User Name: John
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\John\AppData\Local\ave.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2D8393-C3C1-4725-8FCC-98A977B71081}" = lport=445 | protocol=6 | dir=in | app=system |
"{579088F0-539A-4CF3-840F-AAA6DBE602EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59407501-5380-4A54-A52E-6D1D276FCA65}" = rport=445 | protocol=6 | dir=out | app=system |
"{66DEC1C6-1F38-49C0-97B8-E218974C1283}" = lport=137 | protocol=17 | dir=in | app=system |
"{991DEFAF-B588-4780-9D50-08A7A0B2F94C}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D456DF1-9EF8-45CE-81D8-AF5C4C7FE58D}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFD521E8-E6E4-4E86-B7D9-A5E518FA5F08}" = lport=138 | protocol=17 | dir=in | app=system |
"{C68662D0-5328-4681-A558-CC0C60B4D51E}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA48C20F-B935-4C4F-A023-66CE058D096F}" = rport=138 | protocol=17 | dir=out | app=system |
"{F39D69D6-8670-48E8-BE6E-252960A4C13D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228A5BC-006A-48FD-B8AD-447F73E901FF}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{03EFB3DA-B797-4B60-8120-1D0B91F3755D}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{04FA7F82-E955-4775-A746-56E57E3E050B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0770ED79-8CEC-4DD8-8E74-63CE167536F0}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{10EAB2E5-D636-4337-A8E8-B2E1B7E206B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14DE38FA-F8CD-4B6D-99B7-F8B0CD2A3043}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{16D0CA68-84CB-4629-A62F-C80DB1E49ECE}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{1875AE41-DCDC-4C66-A0DD-D931E1BF2D27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A63F992-D3DB-4147-AA6F-7BE9A58054BF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1B428852-C07D-4F41-8E2F-F90487626732}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{2B12F8EB-63E7-429D-BB1B-054E3DD478E1}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{2FC75EE2-2512-4943-BC5D-3A3E34824CB4}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{3066CFB5-8191-419E-918D-4C9AB08D60F1}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{38838781-A56A-449B-A7CA-887FE4346644}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4247ABD4-8DA7-4E1B-87C6-3E7BC46A2E8A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{482B4277-B625-4F80-9FB3-FD20B0BF19EB}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{5017550F-6EC5-4E7D-86EE-13162BDA0BD0}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5113F70A-C1E7-4BEC-A34B-1D90D2E136DA}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{567888C6-91A0-45A6-B947-3888BBB4926F}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{57162018-37B0-4AA2-9BA8-77F7D2FA0B97}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{5D350BE8-B956-4377-A0B1-4FD10205EF07}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{5F4EC81B-6D16-4AD8-B2D9-A92375E7B09B}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{69D572FB-FF1A-40AC-801A-05894F31B806}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6DAB5F98-075F-4F20-87B1-5119ECBD9D15}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{6E53D614-BA24-4406-B021-70770ECEF5C7}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7178B1EB-41BF-4196-B01F-8473D4A94353}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{72362143-918E-47E2-8EE5-A6332D34B861}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7474632A-036E-4B07-9AF6-BDCF9816A158}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{78066C5F-4A19-40A4-9CB3-3801EF8D69DD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{79F8A92B-C09A-42BC-B485-E8A822FD89D2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7B97E506-D0EE-403F-B6AA-31931718E270}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{7E4F235F-22F3-45F0-AF90-FE1B7220B6B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CD53BC7-64DB-44DF-8B25-4F06740C7658}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{93042864-CC97-4875-AB11-E95606F3177C}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{B5537EF3-DFFA-4B61-8843-307591A696B1}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{BE80847A-ADE5-433D-956B-6AF5BA7A2050}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C173E385-318F-414B-9D14-469CA8FDF32A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CC903C6B-A89E-48C3-A925-4837C7B1703F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFC06B9A-9070-4BCF-8DFB-2C10D594A0AF}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{D27BC515-678C-44BF-8C28-CCEE8FA07226}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D3F8310E-9AC0-40D4-9939-EA5A0BE64840}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{D8A8807B-2C0D-4C1E-ABB1-BC6CB055665C}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E90AF0EF-D08D-4497-8407-1EBF3C052362}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{EA0ED95B-8CA8-4F24-9B05-097F67B87FAE}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{EBC28F27-FA2E-4D7E-9CE3-76421B957ECF}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{EF4FCF86-30D8-4F48-8F60-DE3B220C8376}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{F732B900-1FC3-4EF1-A8B4-FF815C84CCDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F756285B-0DAC-452E-A543-5AF55D37649B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{FC81E2F1-C025-4B63-A609-263E6DD1CAA0}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{FF9E1AAE-947D-40D7-9E2C-A497410A13AA}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"TCP Query User{3A71A9DB-C494-48A5-85E6-1C00B24D572C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{97224B0D-54A3-41FB-94F6-D2F713603958}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{12FE05DA-9AB1-4E98-8998-561C3002AC7D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D2B7AA2D-E71F-4491-9CF5-9D141EC8F684}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF2FB0-BBD6-F757-5828-DE25462217BE}" = Catalyst Control Center Graphics Previews Vista
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AD36E45-565F-04A9-1CA2-2ABCD2E88C62}" = Catalyst Control Center Localization Italian
"{0AEEB83B-565E-A806-D345-222DDB93CA1C}" = Catalyst Control Center Graphics Full Existing
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20BFD848-897A-48BB-97A7-CDB5A8D4719E}" = WordPerfect Office 12
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22AE425C-6409-D3F0-B80D-D4F7ACDA3292}" = Catalyst Control Center Core Implementation
"{25EEB51E-7DB8-464D-AE46-1C8C74F73035}" = Catalyst Control Center - Branding
"{26831B01-C26C-821A-68AC-1077C0437FF1}" = Catalyst Control Center Localization Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{35A11BEC-F37D-56C8-2E3C-9A4F65BE72D6}" = Catalyst Control Center Localization Chinese Standard
"{365001D9-0C56-8E13-FB01-B17E2DB91A31}" = Catalyst Control Center Localization Korean
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3A3B2181-1F12-C601-F2E0-9E2ACE43AD7B}" = Catalyst Control Center Localization Japanese
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3E89079A-08A5-55B4-1341-701740632579}" = CCC Help French
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{404693A9-89CD-D4CD-E770-088864FBA83E}" = CCC Help Italian
"{417B2288-FA04-EBA6-36FC-582CC31045AE}" = Skins
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45316B3F-47A4-9BCD-0C30-0555E869C8DD}" = CCC Help Japanese
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5B0F1A29-10C7-495F-77D7-7E99DD7FCE40}" = CCC Help Chinese Traditional
"{5CDA75CA-B7CC-D8C6-CB32-9FFA1B7BA989}" = PX Profile Update
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B8D26D-5D6D-21D5-0366-3664E5DE3471}" = ATI Catalyst Install Manager
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{67C50033-2353-DD1C-7296-C5FD7359EACA}" = CCC Help English
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{81ED33AC-3CBF-5FC9-AF3E-F5CED063C984}" = CCC Help Portuguese
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86DF760F-FDE8-B3BA-D955-1B9758AD156D}" = Catalyst Control Center Localization Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E4C24FB-B456-DC43-E154-0A4A09182122}" = Catalyst Control Center Localization German
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A75A28C1-BCA7-68BD-FB88-223760FB65E5}" = Catalyst Control Center Localization French
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AECC8BFF-B02C-D02A-66E1-C3B8CCDF1B53}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B193113E-4A16-2FC3-CFF0-ECC6DEC9340A}" = Catalyst Control Center Graphics Light
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D83079BD-1B70-0E0C-E09B-FA0598FAF7CE}" = CCC Help Spanish
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E42B5633-876B-7549-47E0-FB6AD4D300D3}" = CCC Help Korean
"{E47FA707-9763-72D7-C1B2-539DFD70C285}" = Catalyst Control Center Graphics Full New
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9BE4F08-5684-6B5E-5314-FD399455B23A}" = Catalyst Control Center Localization Chinese Traditional
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECE27738-36CE-B725-4172-1DF105D587F0}" = Catalyst Control Center Localization Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F3B148A3-9D5E-D3CA-4B27-67F9F858F921}" = CCC Help German
"{F74D2920-8671-1260-DA81-F0783B948A0B}" = ccc-utility
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FBE9C8DF-E5F0-C364-497C-0A01F0F5165C}" = ccc-core-static
"{FBFAE49C-9815-AB37-0896-641C1D358771}" = CCC Help Chinese Standard
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD810A54-C8D1-ED74-D071-931DA1B5E0E5}" = Catalyst Control Center Localization Spanish
"{FF460D73-62F0-D249-3FD2-7D620726DC10}" = CCC Help Swedish
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"EphPod" = EphPod
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"GoToAssist Express Customer" = GoToAssist Express Customer 1.2.0.177
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.5
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"uTorrent" = µTorrent
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 2:56:06 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:07 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:07 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:08 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:08 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:59:38 PM | Computer Name = Mini-John | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = EventSystem | ID = 4609
Description =

Error - 3/24/2010 4:45:54 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 4:45:54 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 4:45:55 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/8/2009 7:43:33 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/25/2009 1:40:47 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/26/2009 1:24:01 AM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/26/2009 1:38:33 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 3/24/2010 2:53:51 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7031
Description =

Error - 3/24/2010 2:58:59 PM | Computer Name = Mini-John | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/24/2010 2:59:21 PM | Computer Name = Mini-John | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/24/2010 2:59:39 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2010 2:59:39 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2010 3:05:13 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:23 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:28:53 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\John\AppData\Local\ave.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2D8393-C3C1-4725-8FCC-98A977B71081}" = lport=445 | protocol=6 | dir=in | app=system |
"{579088F0-539A-4CF3-840F-AAA6DBE602EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59407501-5380-4A54-A52E-6D1D276FCA65}" = rport=445 | protocol=6 | dir=out | app=system |
"{66DEC1C6-1F38-49C0-97B8-E218974C1283}" = lport=137 | protocol=17 | dir=in | app=system |
"{991DEFAF-B588-4780-9D50-08A7A0B2F94C}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D456DF1-9EF8-45CE-81D8-AF5C4C7FE58D}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFD521E8-E6E4-4E86-B7D9-A5E518FA5F08}" = lport=138 | protocol=17 | dir=in | app=system |
"{C68662D0-5328-4681-A558-CC0C60B4D51E}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA48C20F-B935-4C4F-A023-66CE058D096F}" = rport=138 | protocol=17 | dir=out | app=system |
"{F39D69D6-8670-48E8-BE6E-252960A4C13D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228A5BC-006A-48FD-B8AD-447F73E901FF}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{03EFB3DA-B797-4B60-8120-1D0B91F3755D}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{04FA7F82-E955-4775-A746-56E57E3E050B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0770ED79-8CEC-4DD8-8E74-63CE167536F0}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{10EAB2E5-D636-4337-A8E8-B2E1B7E206B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14DE38FA-F8CD-4B6D-99B7-F8B0CD2A3043}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{16D0CA68-84CB-4629-A62F-C80DB1E49ECE}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{1875AE41-DCDC-4C66-A0DD-D931E1BF2D27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A63F992-D3DB-4147-AA6F-7BE9A58054BF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1B428852-C07D-4F41-8E2F-F90487626732}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{2B12F8EB-63E7-429D-BB1B-054E3DD478E1}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{2FC75EE2-2512-4943-BC5D-3A3E34824CB4}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{3066CFB5-8191-419E-918D-4C9AB08D60F1}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{38838781-A56A-449B-A7CA-887FE4346644}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4247ABD4-8DA7-4E1B-87C6-3E7BC46A2E8A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{482B4277-B625-4F80-9FB3-FD20B0BF19EB}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{5017550F-6EC5-4E7D-86EE-13162BDA0BD0}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5113F70A-C1E7-4BEC-A34B-1D90D2E136DA}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{567888C6-91A0-45A6-B947-3888BBB4926F}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{57162018-37B0-4AA2-9BA8-77F7D2FA0B97}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{5D350BE8-B956-4377-A0B1-4FD10205EF07}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{5F4EC81B-6D16-4AD8-B2D9-A92375E7B09B}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{69D572FB-FF1A-40AC-801A-05894F31B806}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6DAB5F98-075F-4F20-87B1-5119ECBD9D15}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{6E53D614-BA24-4406-B021-70770ECEF5C7}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7178B1EB-41BF-4196-B01F-8473D4A94353}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{72362143-918E-47E2-8EE5-A6332D34B861}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7474632A-036E-4B07-9AF6-BDCF9816A158}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{78066C5F-4A19-40A4-9CB3-3801EF8D69DD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{79F8A92B-C09A-42BC-B485-E8A822FD89D2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7B97E506-D0EE-403F-B6AA-31931718E270}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{7E4F235F-22F3-45F0-AF90-FE1B7220B6B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CD53BC7-64DB-44DF-8B25-4F06740C7658}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{93042864-CC97-4875-AB11-E95606F3177C}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{B5537EF3-DFFA-4B61-8843-307591A696B1}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{BE80847A-ADE5-433D-956B-6AF5BA7A2050}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C173E385-318F-414B-9D14-469CA8FDF32A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CC903C6B-A89E-48C3-A925-4837C7B1703F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFC06B9A-9070-4BCF-8DFB-2C10D594A0AF}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{D27BC515-678C-44BF-8C28-CCEE8FA07226}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D3F8310E-9AC0-40D4-9939-EA5A0BE64840}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{D8A8807B-2C0D-4C1E-ABB1-BC6CB055665C}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E90AF0EF-D08D-4497-8407-1EBF3C052362}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{EA0ED95B-8CA8-4F24-9B05-097F67B87FAE}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{EBC28F27-FA2E-4D7E-9CE3-76421B957ECF}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{EF4FCF86-30D8-4F48-8F60-DE3B220C8376}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{F732B900-1FC3-4EF1-A8B4-FF815C84CCDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F756285B-0DAC-452E-A543-5AF55D37649B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{FC81E2F1-C025-4B63-A609-263E6DD1CAA0}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{FF9E1AAE-947D-40D7-9E2C-A497410A13AA}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"TCP Query User{3A71A9DB-C494-48A5-85E6-1C00B24D572C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{97224B0D-54A3-41FB-94F6-D2F713603958}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{12FE05DA-9AB1-4E98-8998-561C3002AC7D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D2B7AA2D-E71F-4491-9CF5-9D141EC8F684}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF2FB0-BBD6-F757-5828-DE25462217BE}" = Catalyst Control Center Graphics Previews Vista
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AD36E45-565F-04A9-1CA2-2ABCD2E88C62}" = Catalyst Control Center Localization Italian
"{0AEEB83B-565E-A806-D345-222DDB93CA1C}" = Catalyst Control Center Graphics Full Existing
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20BFD848-897A-48BB-97A7-CDB5A8D4719E}" = WordPerfect Office 12
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22AE425C-6409-D3F0-B80D-D4F7ACDA3292}" = Catalyst Control Center Core Implementation
"{25EEB51E-7DB8-464D-AE46-1C8C74F73035}" = Catalyst Control Center - Branding
"{26831B01-C26C-821A-68AC-1077C0437FF1}" = Catalyst Control Center Localization Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{35A11BEC-F37D-56C8-2E3C-9A4F65BE72D6}" = Catalyst Control Center Localization Chinese Standard
"{365001D9-0C56-8E13-FB01-B17E2DB91A31}" = Catalyst Control Center Localization Korean
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3A3B2181-1F12-C601-F2E0-9E2ACE43AD7B}" = Catalyst Control Center Localization Japanese
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3E89079A-08A5-55B4-1341-701740632579}" = CCC Help French
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{404693A9-89CD-D4CD-E770-088864FBA83E}" = CCC Help Italian
"{417B2288-FA04-EBA6-36FC-582CC31045AE}" = Skins
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45316B3F-47A4-9BCD-0C30-0555E869C8DD}" = CCC Help Japanese
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5B0F1A29-10C7-495F-77D7-7E99DD7FCE40}" = CCC Help Chinese Traditional
"{5CDA75CA-B7CC-D8C6-CB32-9FFA1B7BA989}" = PX Profile Update
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B8D26D-5D6D-21D5-0366-3664E5DE3471}" = ATI Catalyst Install Manager
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{67C50033-2353-DD1C-7296-C5FD7359EACA}" = CCC Help English
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{81ED33AC-3CBF-5FC9-AF3E-F5CED063C984}" = CCC Help Portuguese
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86DF760F-FDE8-B3BA-D955-1B9758AD156D}" = Catalyst Control Center Localization Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E4C24FB-B456-DC43-E154-0A4A09182122}" = Catalyst Control Center Localization German
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A75A28C1-BCA7-68BD-FB88-223760FB65E5}" = Catalyst Control Center Localization French
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AECC8BFF-B02C-D02A-66E1-C3B8CCDF1B53}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B193113E-4A16-2FC3-CFF0-ECC6DEC9340A}" = Catalyst Control Center Graphics Light
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D83079BD-1B70-0E0C-E09B-FA0598FAF7CE}" = CCC Help Spanish
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E42B5633-876B-7549-47E0-FB6AD4D300D3}" = CCC Help Korean
"{E47FA707-9763-72D7-C1B2-539DFD70C285}" = Catalyst Control Center Graphics Full New
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9BE4F08-5684-6B5E-5314-FD399455B23A}" = Catalyst Control Center Localization Chinese Traditional
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECE27738-36CE-B725-4172-1DF105D587F0}" = Catalyst Control Center Localization Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F3B148A3-9D5E-D3CA-4B27-67F9F858F921}" = CCC Help German
"{F74D2920-8671-1260-DA81-F0783B948A0B}" = ccc-utility
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FBE9C8DF-E5F0-C364-497C-0A01F0F5165C}" = ccc-core-static
"{FBFAE49C-9815-AB37-0896-641C1D358771}" = CCC Help Chinese Standard
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD810A54-C8D1-ED74-D071-931DA1B5E0E5}" = Catalyst Control Center Localization Spanish
"{FF460D73-62F0-D249-3FD2-7D620726DC10}" = CCC Help Swedish
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"EphPod" = EphPod
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"GoToAssist Express Customer" = GoToAssist Express Customer 1.2.0.177
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.5
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"uTorrent" = µTorrent
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver

< End of report >

Re: Total Vista Security and Antivirus Plus are killing me!
There is some evidence of what may be a very nasty infection. If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Back up all important data on the machine.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well-being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for potential identity theft.


=====================

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :files
    C:\WINDOWS\tasks\At*.job
    C:\Windows\System32\drivers\ayemgy.sys
    C:\WINDOWS\system32\drivers\iaStor.sys|C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys /replace

    :processes
    C:\windows\explorer.exe

    :otl
    PRC - [2010/03/24 13:56:40 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\mdm.exe
    PRC - [2010/03/24 13:56:40 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\cmd.exe
    PRC - [2010/03/24 13:56:39 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\winamp.exe
    PRC - [2010/03/24 13:56:38 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\winlogon.exe
    PRC - [2010/03/24 13:56:38 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\win16.exe
    PRC - [2010/03/24 12:05:31 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\services.exe
    PRC - [2010/03/24 12:05:31 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\notepad.exe
    PRC - [2010/03/24 12:05:30 | 000,030,724 | -H-- | M] () -- C:\Users\John\AppData\Local\Temp\taskmgr.exe
    PRC - [2010/03/24 03:05:29 | 000,203,776 | -HS- | M] () -- C:\Users\John\AppData\Local\ave.exe
    MOD - [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\lihawefi.dll
    MOD - [2010/03/24 03:06:13 | 000,020,000 | ---- | M] () -- C:\Windows\System32\uyjudh0bkp.dll
    SRV - [2010/03/24 03:06:28 | 000,012,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\msapps\comsrvr.exe -- (COMServer)
    SRV - [2008/01/20 19:24:13 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
    DRV - File not found [Kernel | Boot | Running] -- -- (pxscan)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (pxkbf)
    O2 - BHO: (C:\Windows\system32\uyjudh0bkp.dll) - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\System32\uyjudh0bkp.dll ()
    O4 - HKLM..\Run: [kidewukaru] C:\Windows\System32\yamisepa.dll ()
    O4 - HKLM..\Run: [wufayaveh] C:\Windows\System32\lihawefi.DLL ()
    O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\John\AppData\Local\Temp\services.exe ()
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
    O20 - AppInit_DLLs: (c:\windows\system32\lihawefi.dll) - C:\Windows\System32\lihawefi.dll ()
    O20 - AppInit_DLLs: (mupigijo.dll) - C:\Windows\System32\mupigijo.dll ()
    O21 - SSODL: kulofiwiv - {8bf43728-1c39-40de-bca6-eb599b0be168} - C:\Windows\System32\lihawefi.dll ()
    O22 - SharedTaskScheduler: {8bf43728-1c39-40de-bca6-eb599b0be168} - kupuhivus - C:\Windows\System32\lihawefi.dll ()
    O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - jsg9dgjisdogje94guiofjgd - C:\Windows\System32\uyjudh0bkp.dll ()
    O37 - HKCU\...exe [@ = secfile] -- "C:\Users\John\AppData\Local\ave.exe" /START "%1" %* ()
    NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll ()
    MsConfig - StartUpReg: hsa8ffushf83hoigjhs98jgijg9sd8e - hkey= - key= - C:\Users\John\appdata\local\temp\w51he5h6lc .exe File not found
    MsConfig - StartUpReg: hsf87efjhdsf87f3jfsdi7fhsujfd - hkey= - key= - C:\Users\John\AppData\Local\Temp\win32.exe File not found
    MsConfig - StartUpReg: kidewukaru - hkey= - key= - File not found
    MsConfig - StartUpReg: wufayaveh - hkey= - key= - File not found
    MsConfig - StartUpReg: YVIBBBHA8C - hkey= - key= - C:\Users\John\appdata\local\temp\pdp .exe File not found
    [2099/01/01 12:00:00 | 000,193,024 | -HS- | M] () -- C:\Windows\System32\kahijoye.exe
    [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\lihawefi.dll
    [2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\yamisepa.dll
    [2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\pebehiti.dll
    [2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\mupigijo.dll
    [2099/01/01 12:00:00 | 000,048,640 | -HS- | M] () -- C:\Windows\System32\jelasisa.dll
    [2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\halulohi.dll
    [2010/03/24 13:59:19 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\ayemgy.sys
    [2010/03/24 13:59:15 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\vutolete
    [2010/03/24 13:53:05 | 000,010,880 | -HS- | M] () -- C:\Users\John\AppData\Local\Mh3jm32txN
    [2010/03/24 13:53:05 | 000,010,880 | -HS- | M] () -- C:\ProgramData\Mh3jm32txN
    [2010/03/24 10:28:11 | 000,000,288 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/03/24 10:26:30 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/03/24 10:23:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/24 10:23:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/02/23 03:04:26 | 000,000,285 | ---- | M] () -- C:\Users\John\Desktop\exefix.reg
    [2010/02/23 02:25:20 | 000,182,272 | -HS- | M] () -- C:\Users\John\AppData\Local\av.exe
    [2010/03/24 09:35:29 | 000,203,776 | -HS- | C] () -- C:\Users\John\AppData\Local\128822158.dll
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    :commands
    [emptytemp]
    [purity]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. Post the log resulting from it.


=======================

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply along with the OTL fix log.
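The fix list above is built from cues in OTL's own output: a 2099 timestamp, hidden+system (-HS-) attributes, a System32 binary with no company name, a driver marked Running with no file, AppInit_DLLs entries and a NameServer override. The script below is an added example, not part of this thread or of OTL, that parses lines in that format and reports those cues as review hints (the scan year and the cue list are assumptions); the sample lines are copied from the OTL output quoted in this thread plus one constructed benign line.

```python
"""Triage OTL-style log lines using the cues the fix list above relies on.

Added example; not part of the thread, of OTL or of any other tool named
here. Every cue is a review hint for a human, not a verdict.
"""
import re
from dataclasses import dataclass, field

SCAN_YEAR = 2010  # assumption: the year the logs in this thread were taken

# "MOD - [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\path"
# "SRV - [date | size | attrs | M] () [Auto | Stopped] -- C:\path -- (Name)"
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>MOD|SRV|PRC|DRV) - )?"
    r"\[(?P<year>\d{4})/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*\))?$"
)
# "DRV - File not found [Kernel | Boot | Running] -- -- (pxscan)"
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\]")
# "O17 - HKLM\...\Tcpip\Parameters: NameServer = 1.2.3.4,5.6.7.8"
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
# "O20 - AppInit_DLLs: (name.dll) - C:\Windows\System32\name.dll ()"
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: .* - (?P<path>[A-Za-z]:\\\S+)")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for a line worth a second look, or None."""
    line = line.strip()
    reasons = []
    m = ENTRY_RE.match(line)
    if m:
        year, attrs = int(m.group("year")), m.group("attrs")
        path = m.group("path").lower()
        if year > SCAN_YEAR:
            reasons.append(f"timestamp year {year} is in the future")
        if "H" in attrs and "S" in attrs:
            reasons.append("hidden+system attributes")
        if (not m.group("company")
                and path.startswith("c:\\windows\\system32\\")
                and path.endswith((".dll", ".exe", ".sys"))):
            reasons.append("System32 binary with no company name")
        return Finding(line, reasons) if reasons else None
    m = MISSING_RE.match(line)
    if m and "Running" in m.group("state"):
        return Finding(line, ["running driver/service with no file on disk"])
    m = NAMESERVER_RE.match(line)
    if m:
        servers = m.group("servers").split(",")
        return Finding(line, [f"registry NameServer override: {', '.join(servers)}"])
    m = APPINIT_RE.match(line)
    if m:
        return Finding(line, [f"AppInit_DLLs loads {m.group('path')} into every process"])
    return None


def triage(log_text: str):
    """Run triage_line over every line of a log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


# Sample lines copied from the OTL output quoted in this thread, plus one
# constructed benign msi.dll line for contrast.
SAMPLE_LOG = r"""
MOD - [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\lihawefi.dll
MOD - [2008/01/20 19:24:42 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
SRV - [2008/01/20 19:24:13 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
DRV - File not found [Kernel | Boot | Running] -- -- (pxscan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O20 - AppInit_DLLs: (mupigijo.dll) - C:\Windows\System32\mupigijo.dll ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```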

Re: Total Vista Security and Antivirus Plus are killing me!
Thanks for your help, Jay, I guess it just sucks to be me.

I'm thinking that if this infection is that serious (and since I'm able to back up my files through safe mode), I may just install Windows 7, which I've been putting off doing. I have a couple questions, though.

First, the copy of Win7 I have is an upgrade copy, so it won't be a clean install. You think there may be a chance that this virus could carry over to Win7?

Also, is there a possibility that the virus could be piggybacked on the files I backup (pretty much just pics, music, and various documents)? If so, is there any utility I could use to scan those files before they mess up Win7?

Thanks again for your help.

Btw: I know I didn't find much on this exact virus through my searching of the board. If you would like me to try your recommendations in your last post as an academic exercise for the good of the board, prior to upgrading to Win7, I'd be happy to do so.

Re: Total Vista Security and Antivirus Plus are killing me!
The malware might affect your new install of Windows 7. But, it will not "piggy-back" any files.

I recommend that we finish cleaning the machine, before you try doing the upgrade. If malware is still on your machine while doing a Windows installation (either updates, service pack installs, or installing Windows), there may be errors, which can cause minor to potentially major issues in the operation of the computer.

Re: Total Vista Security and Antivirus Plus are killing me!
Gotcha, thanks.

Here's the log from the OTL fix:

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\ayemgy.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Should I try to re-run the fix?

Re: Total Vista Security and Antivirus Plus are killing me!
Well that was interesting.

I downloaded and saved ComboFix as you recommended, then chose run after it downloaded. Once that happened, the virus ran about ten processes named ave.exe, as well as several other processes, using 100% of the cpu and freezing the computer for a bit. It recovered, and I ended all of the ave.exe processes, and combofix began doing its thing, saying it was doing the system scan. A couple minutes later, however, I got a Blue Screen Of Death.

I'll run Combofix again now, this time pasting what you recommended in the search box (I didn't have a chance last time, because the program installed itself and began running immediately.) I'll post the results.

Re: Total Vista Security and Antivirus Plus are killing me!
Ok, good news and bad news.

I got another Blue Screen (IRQL not less or equal). As a result, still no Commy.txt file. When I ran Commy.exe, several processes started up, some of which may or may not have been legitimate:
pev.exe
n.pif
iexplore.exe (Description: NirCmd, not Internet Explorer)
swreg.exe (Description: Freeware Implementation)
Nircmd.cfxxe
swxcacls.cfxxe

However, I also am not seeing ave.exe any more (previously, just opening IE would bring up a "firewall" asking if I want to allow or not. I'm not getting that any more.)

What do you recommend I do next?

Re: Total Vista Security and Antivirus Plus are killing me!
Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.

Re: Total Vista Security and Antivirus Plus are killing me!
Well, I got another Blue Screen. By the way, I assume that copying and pasting the above command serves to run Combofix, correct? (When I paste it, a screen pops up asking whether I want to run the program). I pasted the command, chose to run, and then when I came back to the computer, there was another blue screen (though it didn't give a reason).

What do you think?

Re: Total Vista Security and Antivirus Plus are killing me!
By the way, it just occurred to me. Might these problems be cropping up because OTL failed to move the file, per the log above?

Re: Total Vista Security and Antivirus Plus are killing me!
Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Right-click on mbr.exe and click Run as Administrator to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.

Re: Total Vista Security and Antivirus Plus are killing me!
Thanks a lot for your help thus far, dragonmaster.

I just wanted to let you know that I'll be out of town till Monday, so I'll run the scan and post the log then.

Thanks again.

Re: Total Vista Security and Antivirus Plus are killing me!
ok

Re: Total Vista Security and Antivirus Plus are killing me!
Still with us?

Re: Total Vista Security and Antivirus Plus are killing me!
Hey dragonmaster, I'm coming back tonight, so I'll let you know as soon as I run the scan.
Thanks again for your help.

Re: Total Vista Security and Antivirus Plus are killing me!
No problem. Just post the log when you need me to review it.

Re: Total Vista Security and Antivirus Plus are killing me!
Hey Dragonmaster,
Sorry it took me so long, but here's the log.

MBR.log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !

Re: Total Vista Security and Antivirus Plus are killing me!
Please open Command Prompt by right clicking on it and selecting Run as Administrator (To open Command Prompt: [Start > search: CMD and press enter])
Enter the following in to the black box, pressing enter after each line:

Code:

cd desktop

mbr.exe -f

exit


Post a log (MBR.log).

Reboot your computer.

Re-run the Stealth MBR Rootkit Detector like you did earlier. (Run as Administrator). Post a log.

Re: Total Vista Security and Antivirus Plus are killing me!
Hey Dragonmaster,
I tried the command prompt, but when I tried to enter "cd desktop" it said the path could not be found. When I entered mbr.exe -f, though, it ran the scan. Here's the log (prior to the reboot):
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !

Re: Total Vista Security and Antivirus Plus are killing me!
Here's the log from the scan after the reboot:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !

Re: Total Vista Security and Antivirus Plus are killing me!
We need to do some diagnostics.

1. Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)


Thanks!

Re: Total Vista Security and Antivirus Plus are killing me!
Hey Dragonmaster,
Below are the logs:

Prof.txt:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1419061039-1915680080-1251473730-1003
ProfileImagePath REG_EXPAND_SZ C:\Users\John

ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows



Win32kDiag.txt:
Running from: C:\Users\John\Desktop\Win32kDiag.exe

Log file at : C:\Users\John\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\bthservsdp.dat
[1] 2010-03-24 10:14:48 12 C:\Windows\bthservsdp.dat ()

Cannot access: C:\Windows\System32\drivers\ayemgy.sys
[1] 2010-04-01 17:02:04 823808 C:\Windows\System32\drivers\ayemgy.sys ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2010-04-01 09:38:56 69120 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2010-04-01 16:49:09 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2010-04-01 16:49:09 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2010-04-01 16:49:09 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl
[1] 2010-03-25 11:13:17 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl ()

Cannot access: C:\Windows\Temp\~DF236F.tmp
[1] 2010-03-24 16:02:59 32768 C:\Windows\Temp\~DF236F.tmp ()

Cannot access: C:\Windows\Temp\~DF2379.tmp
[1] 2010-03-24 16:02:59 512 C:\Windows\Temp\~DF2379.tmp ()

Cannot access: C:\Windows\Temp\~DF23A3.tmp
[1] 2010-03-24 16:02:59 16384 C:\Windows\Temp\~DF23A3.tmp ()

Cannot access: C:\Windows\Temp\~DF23BF.tmp
[1] 2010-03-24 16:02:59 512 C:\Windows\Temp\~DF23BF.tmp ()

Cannot access: C:\Windows\Temp\~DF712.tmp
[1] 2010-03-24 16:10:01 0 C:\Windows\Temp\~DF712.tmp ()

Cannot access: C:\Windows\Temp\~DFAFA7.tmp
[1] 2010-03-24 16:02:49 0 C:\Windows\Temp\~DFAFA7.tmp ()

Cannot access: C:\Windows\Temp\~DFB434.tmp
[1] 2010-03-24 16:04:19 16384 C:\Windows\Temp\~DFB434.tmp ()

Finished!

Re: Total Vista Security and Antivirus Plus are killing me!
Please open OTL -- Click None and paste this in the Custom Scans box:

/md5start
%system%\drivers\*.dll /all
%system%\*.sys /all
/md5stop


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Total Vista Security and Antivirus Plus are killing me!
Here's the log:

OTL logfile created on: 4/2/2010 1:01:21 AM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 26.24 Gb Free Space | 19.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.81 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: MINI-JOHN
Current User Name: John
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< End of report >

Re: Total Vista Security and Antivirus Plus are killing me!
By the way, does it matter that I'm doing all of these scans with Windows in safe mode?

Re: Total Vista Security and Antivirus Plus are killing me!
Seems ok.

Can you boot to Windows Normal Mode?

Re: Total Vista Security and Antivirus Plus are killing me!
While there's no sign that I can see of the virus, when I start up in normal mode, the computer runs really slow. I tried pressing ctrl+alt+del to see what's up, but that resulted in a Blue Screen. I tried restarting it, and got the same result. So...I dunno.

Re: Total Vista Security and Antivirus Plus are killing me!
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash.

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes

WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply

Re: Total Vista Security and Antivirus Plus are killing me!
Well, I ran WhoCrashed, and will post the log below.

However, while there is no sign of the virus programs (total vista security and antivirus plus), there is some popup program (which began with the popups even before I started IE). Also, I got a warning stating that "Host process for windows services has stopped working."

I also ran msconfig and found a few questionable processes beginning on startup: kidewukaru (yamisepa.dll) and wufayaveh (c:\windows\system32\lihawefi.dll). Both of these are rundll32.exe, which I heard is the executable for total vista security (when it's not located in the system32 folder).

Given that I'm not seeing the virus, do you think it may be safe for me to do the Win7 upgrade?

Anyway, here's the whocrashed log:

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Re: Total Vista Security and Antivirus Plus are killing me!
By the way, I should mention that when I ran WhoCrashed, it performed the analysis in about a millisecond, and never asked to install the debugger, so I dunno.

Re: Total Vista Security and Antivirus Plus are killing me!
Hahaha, well scratch that. Apparently, now I have "Vista Smart Security 2010" in place of Total Vista Security. So...that sucks.

Re: Total Vista Security and Antivirus Plus are killing me!
Ok.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :regfind
    kidewukaru

    :filefind
    yamisepa.dll
    lihawefi.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Total Vista Security and Antivirus Plus are killing me!
Here's the log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:25 on 02/04/2010 by John (Administrator - Elevation successful)

========== regfind ==========

Searching for "kidewukaru"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kidewukaru]

========== filefind ==========

Searching for "yamisepa.dll"
C:\Windows\System32\yamisepa.dll --ahs- 65536 bytes [00:00 01/01/1601] [00:00 01/01/1601] 737150B92D32146C744C85B7301BCBB3

Searching for "lihawefi.dll"
C:\Windows\System32\lihawefi.dll --ahs- 95744 bytes [00:03 01/01/1601] [00:03 01/01/1601] AB1A1FCDF3E39F955BB90CEC571A2485

-=End Of File=-

Re: Total Vista Security and Antivirus Plus are killing me!
Right on target.

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    C:\Windows\System32\lihawefi.dll
    C:\Windows\System32\yamisepa.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kidewukaru]

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


===================

Delete any copies of ComboFix you might have.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Total Vista Security and Antivirus Plus are killing me!
Hey Dragonmaster,
Here's the OTL log:

All processes killed
========== FILES ==========
C:\Windows\System32\lihawefi.dll moved successfully.
C:\Windows\System32\yamisepa.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kidewukaru\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John
->Temp folder emptied: 2643910 bytes
->Temporary Internet Files folder emptied: 50813920 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4059357 bytes
->Flash cache emptied: 1061 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10373488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04022010_204609

Files\Folders moved on Reboot...
File\Folder C:\Users\John\AppData\Local\Temp\~DF69AD.tmp not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF69B2.tmp not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF69F8.tmp not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF69FD.tmp not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF6A22.tmp not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF6A27.tmp not found!
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4JG5LH7\en[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4JG5LH7\total-vista-security-and-antivirus-plus-are-killing-me-t20417-30[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXWE2B4V\activityi;src=1847082;type=uspub432;cat=ushom882;ord=1;num=7085857846157[1].htm moved successfully.

Registry entries deleted on Reboot...

Re: Total Vista Security and Antivirus Plus are killing me!
Re-run OTL
  • Close all windows and double click OTL.exe.
  • Click Quick Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Total Vista Security and Antivirus Plus are killing me!
Hey Dragonmaster,
I'm going to run the OTL scan now, but wanted to let you know that I've tried running Combofix a couple times already, each resulting in a Blue Screen at different points (the farthest I got was Stage 6a). After reading the guide you linked to, my thinking is that the problem with Combofix is that whenever it runs, the virus begins running numerous processes (at times as many as ten or so), thereby using up all of the cpu. Given that combofix states you shouldn't even touch your computer when it's running, this may be causing problems. Then again, I could also be totally wrong.

Do you think that I should try ending the virus' processes in task manager (as I have been doing), or might this be contributing to the problem?

Re: Total Vista Security and Antivirus Plus are killing me!
Here are the OTL logs.
OTL.txt:

OTL logfile created on: 4/3/2010 1:14:57 AM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 26.33 Gb Free Space | 19.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.81 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: MINI-JOHN
Current User Name: John
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/24 13:39:57 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2009/07/04 02:06:14 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 11:27:24 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/20 11:27:20 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/03/20 11:27:20 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/20 11:27:20 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 13:39:57 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2008/01/20 19:24:42 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008/01/20 19:24:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/24 03:06:28 | 000,012,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\msapps\comsrvr.exe -- (COMServer)
SRV - [2010/01/06 04:12:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 04:12:00 | 000,075,112 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/12/10 22:59:40 | 000,251,240 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/12/10 22:59:38 | 000,124,264 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/07/14 12:40:34 | 000,077,112 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/04/02 06:35:20 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/03/30 04:08:14 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/20 11:27:24 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/20 11:27:24 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/20 11:27:22 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/03/20 11:27:20 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/20 11:27:20 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/19 04:53:02 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 04:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 04:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/03/19 03:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/03/04 21:57:08 | 000,779,576 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2009/03/04 21:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 07:52:54 | 000,211,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/20 14:01:40 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/02/11 20:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/11 20:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/09 02:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 16:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/24 16:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/24 16:17:54 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 19:24:13 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Stopped] -- C:\Windows\System32\Irmonex.dll -- (Irmon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: mp4downloader@jeff.net:1.2.10
FF - prefs.js..extensions.enabledItems: savefileto@mozdev.org:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 12:20:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 12:20:01 | 000,000,000 | ---D | M]

[2009/07/06 13:59:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/03/24 10:45:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions
[2009/07/18 09:10:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 10:45:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/07 01:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010/02/01 19:18:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/01 19:18:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\mp4downloader@jeff.net
[2010/02/01 19:18:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\extensions\savefileto@mozdev.org
[2009/07/07 00:56:35 | 000,000,939 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\searchplugins\dictionary.xml
[2009/07/07 00:57:23 | 000,001,512 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\searchplugins\imdb.xml
[2009/07/07 01:07:32 | 000,004,153 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\searchplugins\youtube.xml
[2009/07/06 12:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (C:\Windows\system32\uyjudh0bkp.dll) - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\Windows\System32\uyjudh0bkp.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\actray.exe ()
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\acwlicon.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\ezejmnap.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] File not found
O4 - HKLM..\Run: [kidewukaru] File not found
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\lpmlchk.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\lpmgr.exe ()
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\program files\quicktime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\tposdsvc.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe ()
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\tpshocks.exe ()
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wufayaveh] C:\Windows\System32\lihawefi.DLL File not found
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\John\appdata\local\temp\services .exe File not found
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.28,93.188.161.121
O20 - AppInit_DLLs: (mupigijo.dll) - C:\Windows\System32\mupigijo.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: kulofiwiv - {8bf43728-1c39-40de-bca6-eb599b0be168} - C:\Windows\System32\lihawefi.dll File not found
O22 - SharedTaskScheduler: {8bf43728-1c39-40de-bca6-eb599b0be168} - kupuhivus - C:\Windows\System32\lihawefi.dll File not found
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - jsg9dgjisdogje94guiofjgd - C:\Windows\System32\uyjudh0bkp.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 09:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 15:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{15430357-6871-11de-a6ea-002268101c91}\Shell - "" = AutoRun
O33 - MountPoints2\{15430357-6871-11de-a6ea-002268101c91}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 15:37:58 | 000,180,224 | -HS- | M] ()
O33 - MountPoints2\{b4174841-687a-11de-881f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4174841-687a-11de-881f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 09:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 14 Days ==========

[2010/04/03 00:58:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/03 00:55:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/03 00:55:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/02 08:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/04/02 08:18:59 | 000,773,992 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\Users\John\Desktop\whocrashedSetup.exe
[2010/03/25 09:26:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/25 09:26:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/25 09:26:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/25 09:25:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/25 09:25:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/25 09:12:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 13:39:52 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/03/24 12:28:45 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\John\Desktop\winlogon.scr
[2010/03/24 11:52:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2010/03/24 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mbytes
[2010/03/24 10:47:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/24 10:47:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/24 10:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/24 10:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/24 10:44:22 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\John\Desktop\ccsetup229.exe
[2010/03/24 10:22:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/24 09:53:59 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2010/03/24 07:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/24 03:06:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\msapps
[2009/07/04 02:28:34 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/07/04 02:28:34 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 000,201,728 | -HS- | M] () -- C:\Windows\System32\tesifoti.exe
[2099/01/01 12:00:00 | 000,193,024 | -HS- | M] () -- C:\Windows\System32\kahijoye.exe
[2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\poroyoju.dll
[2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\pehuraba.dll
[2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\Windows\System32\henijuve.dll
[2099/01/01 12:00:00 | 000,083,456 | -HS- | M] () -- C:\Windows\System32\gahejeyu.exe
[2099/01/01 12:00:00 | 000,082,944 | -HS- | M] () -- C:\Windows\System32\sosagatu.exe
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\Windows\System32\fafakaza.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\Windows\System32\bamezafu.dll
[2099/01/01 12:00:00 | 000,066,560 | -HS- | M] () -- C:\Windows\System32\yofamoyu.dll
[2099/01/01 12:00:00 | 000,066,560 | -HS- | M] () -- C:\Windows\System32\dobazusi.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\pebehiti.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\mupigijo.dll
[2099/01/01 12:00:00 | 000,048,640 | -HS- | M] () -- C:\Windows\System32\tesawuzo.dll
[2099/01/01 12:00:00 | 000,048,640 | -HS- | M] () -- C:\Windows\System32\jelasisa.dll
[2099/01/01 12:00:00 | 000,046,080 | -HS- | M] () -- C:\Windows\System32\nozuzito.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\yasijote.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\risowupa.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\hovolile.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\halulohi.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\Windows\System32\gamibefe.dll
[2099/01/01 12:00:00 | 000,006,144 | -HS- | M] () -- C:\Windows\System32\vohelipe.dll
[2099/01/01 12:00:00 | 000,006,144 | -HS- | M] () -- C:\Windows\System32\joyapate.dll
[2010/04/03 01:17:22 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\vutolete
[2010/04/03 01:17:06 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\ayemgy.sys
[2010/04/03 01:16:37 | 002,359,296 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2010/04/03 01:06:27 | 000,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/03 01:06:27 | 000,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/03 01:06:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/03 00:55:37 | 000,001,250 | -HS- | M] () -- C:\Users\John\AppData\Local\LK2mfPE2j
[2010/04/03 00:55:37 | 000,001,250 | -HS- | M] () -- C:\ProgramData\LK2mfPE2j
[2010/04/03 00:53:36 | 000,003,235 | ---- | M] () -- C:\Users\John\AppData\Local\Temp11.html
[2010/04/03 00:53:33 | 000,000,778 | ---- | M] () -- C:\Users\John\AppData\Local\Temp1.html
[2010/04/03 00:48:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/03 00:48:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/03 00:48:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/03 00:48:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 21:07:56 | 003,906,815 | R--- | M] () -- C:\Users\John\Desktop\ComboFix.exe
[2010/04/02 21:06:31 | 000,002,032 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At96.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At95.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At94.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At93.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At92.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At91.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At90.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At89.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At88.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At87.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At86.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At85.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At84.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At83.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At82.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At81.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At80.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At79.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At78.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At77.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At76.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At75.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At74.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At73.job
[2010/04/02 09:25:14 | 000,100,908 | ---- | M] () -- C:\Users\John\Desktop\SystemLook.exe
[2010/04/02 09:06:31 | 000,000,004 | ---- | M] () -- C:\Program Files\2676150.dat
[2010/04/02 09:06:09 | 000,027,648 | ---- | M] () -- C:\Windows\System32\tpshocks.exe
[2010/04/02 09:04:05 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/02 09:04:04 | 000,000,288 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/02 09:00:54 | 000,183,808 | -HS- | M] () -- C:\Users\John\AppData\Local\ave.exe
[2010/04/02 09:00:38 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/02 08:54:42 | 000,003,235 | ---- | M] () -- C:\Users\John\AppData\Local\Temp35.html
[2010/04/02 08:48:36 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003UA.job
[2010/04/02 08:27:11 | 000,094,208 | ---- | M] () -- C:\Windows\System32\app_dll.dll
[2010/04/02 08:25:51 | 000,027,648 | ---- | M] () -- C:\Windows\tsnp2uvc.exe.delme2654
[2010/04/02 08:25:48 | 000,027,648 | ---- | M] () -- C:\Windows\System32\tpshocks.exe.delme2653
[2010/04/02 08:24:20 | 000,038,512 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2010/04/02 08:24:19 | 000,021,352 | ---- | M] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2010/04/02 08:20:17 | 000,000,782 | ---- | M] () -- C:\Users\John\Desktop\WhoCrashed.lnk
[2010/04/02 08:19:00 | 000,773,992 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\Users\John\Desktop\whocrashedSetup.exe
[2010/04/02 08:08:51 | 000,000,173 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/04/02 08:03:34 | 000,000,004 | ---- | M] () -- C:\Program Files\104193.dat
[2010/04/01 18:41:39 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/01 16:53:00 | 000,047,616 | ---- | M] () -- C:\Users\John\Desktop\Win32kDiag.exe
[2010/04/01 16:52:40 | 000,147,832 | ---- | M] () -- C:\Users\John\Desktop\profiles.exe
[2010/03/31 11:27:50 | 000,077,312 | ---- | M] () -- C:\Users\John\Desktop\mbr.exe
[2010/03/25 09:15:56 | 000,010,880 | -HS- | M] () -- C:\Users\John\AppData\Local\Mh3jm32txN
[2010/03/25 09:15:56 | 000,010,880 | -HS- | M] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 16:01:27 | 000,027,648 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
[2010/03/24 15:20:37 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 15:20:37 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 15:20:37 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 14:12:43 | 000,203,776 | -HS- | M] () -- C:\Users\John\AppData\Local\128822158.dll
[2010/03/24 13:39:57 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/03/24 12:28:53 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\John\Desktop\winlogon.scr
[2010/03/24 11:53:35 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2010/03/24 11:25:26 | 000,000,153 | ---- | M] () -- C:\Windows\wininit.ini
[2010/03/24 10:47:38 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 10:45:20 | 000,001,680 | ---- | M] () -- C:\Users\John\Desktop\CCleaner.lnk
[2010/03/24 10:44:37 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\John\Desktop\ccsetup229.exe
[2010/03/24 10:00:49 | 000,004,286 | ---- | M] () -- C:\Users\John\AppData\Roaming\avp.ico
[2010/03/24 09:54:08 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2010/03/24 09:34:13 | 000,036,864 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/24 03:06:13 | 000,020,000 | ---- | M] () -- C:\Windows\System32\uyjudh0bkp.dll
[2010/03/24 00:02:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/03/23 17:48:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003Core.job
[2010/03/23 15:23:44 | 000,001,796 | -H-- | M] () -- C:\Users\John\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,201,728 | -HS- | C] () -- C:\Windows\System32\tesifoti.exe
[2099/01/01 12:00:00 | 000,193,024 | -HS- | C] () -- C:\Windows\System32\kahijoye.exe
[2099/01/01 12:00:00 | 000,095,744 | -HS- | C] () -- C:\Windows\System32\poroyoju.dll
[2099/01/01 12:00:00 | 000,095,744 | -HS- | C] () -- C:\Windows\System32\pehuraba.dll
[2099/01/01 12:00:00 | 000,095,744 | -HS- | C] () -- C:\Windows\System32\henijuve.dll
[2099/01/01 12:00:00 | 000,083,456 | -HS- | C] () -- C:\Windows\System32\gahejeyu.exe
[2099/01/01 12:00:00 | 000,082,944 | -HS- | C] () -- C:\Windows\System32\sosagatu.exe
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\Windows\System32\fafakaza.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\Windows\System32\bamezafu.dll
[2099/01/01 12:00:00 | 000,066,560 | -HS- | C] () -- C:\Windows\System32\yofamoyu.dll
[2099/01/01 12:00:00 | 000,066,560 | -HS- | C] () -- C:\Windows\System32\dobazusi.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\pebehiti.dll
[2099/01/01 12:00:00 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\mupigijo.dll
[2099/01/01 12:00:00 | 000,048,640 | -HS- | C] () -- C:\Windows\System32\tesawuzo.dll
[2099/01/01 12:00:00 | 000,048,640 | -HS- | C] () -- C:\Windows\System32\jelasisa.dll
[2099/01/01 12:00:00 | 000,046,080 | -HS- | C] () -- C:\Windows\System32\nozuzito.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\yasijote.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\risowupa.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\hovolile.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\halulohi.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\gamibefe.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\vutolete
[2099/01/01 12:00:00 | 000,006,144 | -HS- | C] () -- C:\Windows\System32\vohelipe.dll
[2099/01/01 12:00:00 | 000,006,144 | -HS- | C] () -- C:\Windows\System32\joyapate.dll
[2010/04/02 21:07:51 | 003,906,815 | R--- | C] () -- C:\Users\John\Desktop\ComboFix.exe
[2010/04/02 09:25:12 | 000,100,908 | ---- | C] () -- C:\Users\John\Desktop\SystemLook.exe
[2010/04/02 09:08:26 | 000,003,235 | ---- | C] () -- C:\Users\John\AppData\Local\Temp11.html
[2010/04/02 09:06:31 | 000,000,004 | ---- | C] () -- C:\Program Files\2676150.dat
[2010/04/02 09:05:40 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At96.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At95.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At94.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At93.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At92.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At91.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At90.job
[2010/04/02 09:05:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At89.job
[2010/04/02 09:05:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At88.job
[2010/04/02 09:05:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At87.job
[2010/04/02 09:05:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At86.job
[2010/04/02 09:05:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At85.job
[2010/04/02 09:05:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At84.job
[2010/04/02 09:05:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At83.job
[2010/04/02 09:05:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At82.job
[2010/04/02 09:05:36 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At81.job
[2010/04/02 09:05:36 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At80.job
[2010/04/02 09:05:35 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At79.job
[2010/04/02 09:05:35 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At78.job
[2010/04/02 09:05:35 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At77.job
[2010/04/02 09:05:35 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At76.job
[2010/04/02 09:05:34 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At75.job
[2010/04/02 09:05:34 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At74.job
[2010/04/02 09:05:34 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At73.job
[2010/04/02 09:00:55 | 000,001,250 | -HS- | C] () -- C:\Users\John\AppData\Local\LK2mfPE2j
[2010/04/02 09:00:55 | 000,001,250 | -HS- | C] () -- C:\ProgramData\LK2mfPE2j
[2010/04/02 08:54:42 | 000,003,235 | ---- | C] () -- C:\Users\John\AppData\Local\Temp35.html
[2010/04/02 08:24:20 | 000,038,512 | ---- | C] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2010/04/02 08:20:19 | 000,000,778 | ---- | C] () -- C:\Users\John\AppData\Local\Temp1.html
[2010/04/02 08:20:17 | 000,000,782 | ---- | C] () -- C:\Users\John\Desktop\WhoCrashed.lnk
[2010/04/02 08:10:55 | 000,027,648 | ---- | C] () -- C:\Windows\System32\tpshocks.exe.delme2653
[2010/04/02 08:10:55 | 000,027,648 | ---- | C] () -- C:\Windows\System32\tpshocks.exe
[2010/04/02 08:03:34 | 000,000,004 | ---- | C] () -- C:\Program Files\104193.dat
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/01 19:01:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/01 19:01:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/01 16:53:00 | 000,047,616 | ---- | C] () -- C:\Users\John\Desktop\Win32kDiag.exe
[2010/04/01 16:52:39 | 000,147,832 | ---- | C] () -- C:\Users\John\Desktop\profiles.exe
[2010/03/31 11:27:48 | 000,077,312 | ---- | C] () -- C:\Users\John\Desktop\mbr.exe
[2010/03/25 09:26:02 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/25 09:26:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/25 09:26:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/25 09:26:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/25 09:26:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/24 16:01:27 | 000,027,648 | ---- | C] () -- C:\Windows\tsnp2uvc.exe.delme2654
[2010/03/24 16:01:27 | 000,027,648 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010/03/24 10:47:38 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 10:45:20 | 000,001,680 | ---- | C] () -- C:\Users\John\Desktop\CCleaner.lnk
[2010/03/24 09:35:29 | 000,203,776 | -HS- | C] () -- C:\Users\John\AppData\Local\128822158.dll
[2010/03/24 09:18:19 | 000,021,352 | ---- | C] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2010/03/24 03:14:13 | 000,004,286 | ---- | C] () -- C:\Users\John\AppData\Roaming\avp.ico
[2010/03/24 03:10:53 | 000,094,208 | ---- | C] () -- C:\Windows\System32\app_dll.dll
[2010/03/24 03:06:12 | 000,020,000 | ---- | C] () -- C:\Windows\System32\uyjudh0bkp.dll
[2010/03/24 03:06:10 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\ayemgy.sys
[2010/03/24 03:05:31 | 000,010,880 | -HS- | C] () -- C:\Users\John\AppData\Local\Mh3jm32txN
[2010/03/24 03:05:31 | 000,010,880 | -HS- | C] () -- C:\ProgramData\Mh3jm32txN
[2010/03/24 03:05:29 | 000,183,808 | -HS- | C] () -- C:\Users\John\AppData\Local\ave.exe
[2010/03/24 01:42:59 | 000,000,288 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/24 01:42:56 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 02:25:21 | 000,009,702 | -HS- | C] () -- C:\Users\John\AppData\Local\J50l1AiqIvJy
[2010/02/23 02:25:20 | 000,182,272 | -HS- | C] () -- C:\Users\John\AppData\Local\av.exe
[2010/01/03 00:46:26 | 000,047,104 | -HS- | C] () -- C:\Windows\System32\pemivubu.dll
[2010/01/03 00:46:26 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\kevidobi.dll
[2010/01/02 10:03:37 | 000,053,248 | -HS- | C] () -- C:\Windows\System32\yakituro.dll
[2010/01/02 10:03:37 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\pafikiwu.dll
[2010/01/02 09:03:23 | 000,096,256 | -HS- | C] () -- C:\Windows\System32\sekoseye.dll
[2010/01/02 09:03:23 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\hayaheta.dll
[2010/01/02 08:03:01 | 000,096,256 | -HS- | C] () -- C:\Windows\System32\gahejeyu.dll
[2010/01/02 08:03:01 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\hujepaka.dll
[2010/01/01 18:49:55 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\rukabipe.dll
[2010/01/01 18:49:55 | 000,034,816 | -HS- | C] () -- C:\Windows\System32\yevilido.dll
[2010/01/01 17:49:50 | 000,047,104 | -HS- | C] () -- C:\Windows\System32\nuyakete.dll
[2010/01/01 17:49:50 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\tajokigu.dll
[2010/01/01 17:49:50 | 000,028,672 | -HS- | C] () -- C:\Windows\System32\rivesogo.dll
[2010/01/01 09:20:53 | 000,042,496 | -HS- | C] () -- C:\Windows\System32\toteduba.dll
[2010/01/01 09:20:53 | 000,036,864 | -HS- | C] () -- C:\Windows\System32\rigebevu.dll
[2010/01/01 09:20:53 | 000,031,744 | -HS- | C] () -- C:\Windows\System32\sizesare.dll
[2009/11/03 14:32:51 | 000,870,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\mcs.rma
[2009/11/03 14:32:51 | 000,000,004 | ---- | C] () -- C:\Users\John\AppData\Roaming\589080
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/28 14:44:30 | 000,000,173 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/07/14 14:25:53 | 000,061,678 | ---- | C] () -- C:\Users\John\AppData\Roaming\PFP120JPR.{PB
[2009/07/14 14:25:53 | 000,012,358 | ---- | C] () -- C:\Users\John\AppData\Roaming\PFP120JCM.{PB
[2009/07/14 13:24:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/09 15:30:33 | 000,002,032 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/07/07 01:15:01 | 000,036,864 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 02:43:03 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/07/04 02:43:03 | 000,000,153 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/04 02:40:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/07/04 02:40:49 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/07/04 02:40:49 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/07/04 02:40:49 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/07/04 02:40:49 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/07/04 02:40:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/07/04 02:29:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/04 02:28:34 | 001,754,368 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/07/04 02:28:34 | 000,028,800 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/07/04 02:28:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/07/04 01:55:18 | 000,329,752 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2008/01/20 19:24:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2008/01/20 19:24:13 | 000,002,304 | ---- | C] () -- C:\Windows\System32\seagate.sys
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/08/17 20:00:00 | 000,073,748 | -H-- | C] () -- C:\Windows\System32\Irmonex.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/07/30 12:34:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CachedFiles
[2009/07/06 14:07:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Downloaded Installations
[2009/08/10 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Elluminate
[2009/10/08 23:33:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\InterVideo
[2009/07/06 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lenovo
[2009/11/03 14:00:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ParaView
[2009/10/06 13:53:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\QcWizard
[2010/03/24 05:37:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/02 09:00:38 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At73.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At74.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At75.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At76.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At77.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At78.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At79.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At80.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At81.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At82.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At83.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At84.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At85.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At86.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At87.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At88.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At89.job
[2010/04/02 20:39:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At90.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At91.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At92.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At93.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At94.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At95.job
[2010/04/02 20:39:34 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At96.job
[2010/04/01 18:41:39 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2010/03/18 17:00:01 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/04/03 00:48:59 | 000,032,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/24 00:02:25 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/04/02 09:04:05 | 000,000,244 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/02 09:04:04 | 000,000,288 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Re: Total Vista Security and Antivirus Plus are killing me!

Extras.txt:

OTL Extras logfile created on: 3/24/2010 1:42:33 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 7.38 Gb Free Space | 5.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.81 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: MINI-JOHN
Current User Name: John
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\John\AppData\Local\ave.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2D8393-C3C1-4725-8FCC-98A977B71081}" = lport=445 | protocol=6 | dir=in | app=system |
"{579088F0-539A-4CF3-840F-AAA6DBE602EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59407501-5380-4A54-A52E-6D1D276FCA65}" = rport=445 | protocol=6 | dir=out | app=system |
"{66DEC1C6-1F38-49C0-97B8-E218974C1283}" = lport=137 | protocol=17 | dir=in | app=system |
"{991DEFAF-B588-4780-9D50-08A7A0B2F94C}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D456DF1-9EF8-45CE-81D8-AF5C4C7FE58D}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFD521E8-E6E4-4E86-B7D9-A5E518FA5F08}" = lport=138 | protocol=17 | dir=in | app=system |
"{C68662D0-5328-4681-A558-CC0C60B4D51E}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA48C20F-B935-4C4F-A023-66CE058D096F}" = rport=138 | protocol=17 | dir=out | app=system |
"{F39D69D6-8670-48E8-BE6E-252960A4C13D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228A5BC-006A-48FD-B8AD-447F73E901FF}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{03EFB3DA-B797-4B60-8120-1D0B91F3755D}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{04FA7F82-E955-4775-A746-56E57E3E050B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0770ED79-8CEC-4DD8-8E74-63CE167536F0}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{10EAB2E5-D636-4337-A8E8-B2E1B7E206B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14DE38FA-F8CD-4B6D-99B7-F8B0CD2A3043}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{16D0CA68-84CB-4629-A62F-C80DB1E49ECE}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{1875AE41-DCDC-4C66-A0DD-D931E1BF2D27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A63F992-D3DB-4147-AA6F-7BE9A58054BF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1B428852-C07D-4F41-8E2F-F90487626732}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{2B12F8EB-63E7-429D-BB1B-054E3DD478E1}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{2FC75EE2-2512-4943-BC5D-3A3E34824CB4}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{3066CFB5-8191-419E-918D-4C9AB08D60F1}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{38838781-A56A-449B-A7CA-887FE4346644}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4247ABD4-8DA7-4E1B-87C6-3E7BC46A2E8A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{482B4277-B625-4F80-9FB3-FD20B0BF19EB}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{5017550F-6EC5-4E7D-86EE-13162BDA0BD0}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5113F70A-C1E7-4BEC-A34B-1D90D2E136DA}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{567888C6-91A0-45A6-B947-3888BBB4926F}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{57162018-37B0-4AA2-9BA8-77F7D2FA0B97}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{5D350BE8-B956-4377-A0B1-4FD10205EF07}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{5F4EC81B-6D16-4AD8-B2D9-A92375E7B09B}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{69D572FB-FF1A-40AC-801A-05894F31B806}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6DAB5F98-075F-4F20-87B1-5119ECBD9D15}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{6E53D614-BA24-4406-B021-70770ECEF5C7}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7178B1EB-41BF-4196-B01F-8473D4A94353}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{72362143-918E-47E2-8EE5-A6332D34B861}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7474632A-036E-4B07-9AF6-BDCF9816A158}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{78066C5F-4A19-40A4-9CB3-3801EF8D69DD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{79F8A92B-C09A-42BC-B485-E8A822FD89D2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7B97E506-D0EE-403F-B6AA-31931718E270}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{7E4F235F-22F3-45F0-AF90-FE1B7220B6B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CD53BC7-64DB-44DF-8B25-4F06740C7658}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{93042864-CC97-4875-AB11-E95606F3177C}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{B5537EF3-DFFA-4B61-8843-307591A696B1}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{BE80847A-ADE5-433D-956B-6AF5BA7A2050}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C173E385-318F-414B-9D14-469CA8FDF32A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CC903C6B-A89E-48C3-A925-4837C7B1703F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFC06B9A-9070-4BCF-8DFB-2C10D594A0AF}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{D27BC515-678C-44BF-8C28-CCEE8FA07226}" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D3F8310E-9AC0-40D4-9939-EA5A0BE64840}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{D8A8807B-2C0D-4C1E-ABB1-BC6CB055665C}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E90AF0EF-D08D-4497-8407-1EBF3C052362}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{EA0ED95B-8CA8-4F24-9B05-097F67B87FAE}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{EBC28F27-FA2E-4D7E-9CE3-76421B957ECF}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{EF4FCF86-30D8-4F48-8F60-DE3B220C8376}" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{F732B900-1FC3-4EF1-A8B4-FF815C84CCDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F756285B-0DAC-452E-A543-5AF55D37649B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{FC81E2F1-C025-4B63-A609-263E6DD1CAA0}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{FF9E1AAE-947D-40D7-9E2C-A497410A13AA}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"TCP Query User{3A71A9DB-C494-48A5-85E6-1C00B24D572C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{97224B0D-54A3-41FB-94F6-D2F713603958}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{12FE05DA-9AB1-4E98-8998-561C3002AC7D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D2B7AA2D-E71F-4491-9CF5-9D141EC8F684}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF2FB0-BBD6-F757-5828-DE25462217BE}" = Catalyst Control Center Graphics Previews Vista
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AD36E45-565F-04A9-1CA2-2ABCD2E88C62}" = Catalyst Control Center Localization Italian
"{0AEEB83B-565E-A806-D345-222DDB93CA1C}" = Catalyst Control Center Graphics Full Existing
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20BFD848-897A-48BB-97A7-CDB5A8D4719E}" = WordPerfect Office 12
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22AE425C-6409-D3F0-B80D-D4F7ACDA3292}" = Catalyst Control Center Core Implementation
"{25EEB51E-7DB8-464D-AE46-1C8C74F73035}" = Catalyst Control Center - Branding
"{26831B01-C26C-821A-68AC-1077C0437FF1}" = Catalyst Control Center Localization Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{35A11BEC-F37D-56C8-2E3C-9A4F65BE72D6}" = Catalyst Control Center Localization Chinese Standard
"{365001D9-0C56-8E13-FB01-B17E2DB91A31}" = Catalyst Control Center Localization Korean
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3A3B2181-1F12-C601-F2E0-9E2ACE43AD7B}" = Catalyst Control Center Localization Japanese
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3E89079A-08A5-55B4-1341-701740632579}" = CCC Help French
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{404693A9-89CD-D4CD-E770-088864FBA83E}" = CCC Help Italian
"{417B2288-FA04-EBA6-36FC-582CC31045AE}" = Skins
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45316B3F-47A4-9BCD-0C30-0555E869C8DD}" = CCC Help Japanese
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5B0F1A29-10C7-495F-77D7-7E99DD7FCE40}" = CCC Help Chinese Traditional
"{5CDA75CA-B7CC-D8C6-CB32-9FFA1B7BA989}" = PX Profile Update
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B8D26D-5D6D-21D5-0366-3664E5DE3471}" = ATI Catalyst Install Manager
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{67C50033-2353-DD1C-7296-C5FD7359EACA}" = CCC Help English
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{81ED33AC-3CBF-5FC9-AF3E-F5CED063C984}" = CCC Help Portuguese
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86DF760F-FDE8-B3BA-D955-1B9758AD156D}" = Catalyst Control Center Localization Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E4C24FB-B456-DC43-E154-0A4A09182122}" = Catalyst Control Center Localization German
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A75A28C1-BCA7-68BD-FB88-223760FB65E5}" = Catalyst Control Center Localization French
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AECC8BFF-B02C-D02A-66E1-C3B8CCDF1B53}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B193113E-4A16-2FC3-CFF0-ECC6DEC9340A}" = Catalyst Control Center Graphics Light
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D83079BD-1B70-0E0C-E09B-FA0598FAF7CE}" = CCC Help Spanish
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E42B5633-876B-7549-47E0-FB6AD4D300D3}" = CCC Help Korean
"{E47FA707-9763-72D7-C1B2-539DFD70C285}" = Catalyst Control Center Graphics Full New
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9BE4F08-5684-6B5E-5314-FD399455B23A}" = Catalyst Control Center Localization Chinese Traditional
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECE27738-36CE-B725-4172-1DF105D587F0}" = Catalyst Control Center Localization Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F3B148A3-9D5E-D3CA-4B27-67F9F858F921}" = CCC Help German
"{F74D2920-8671-1260-DA81-F0783B948A0B}" = ccc-utility
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FBE9C8DF-E5F0-C364-497C-0A01F0F5165C}" = ccc-core-static
"{FBFAE49C-9815-AB37-0896-641C1D358771}" = CCC Help Chinese Standard
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD810A54-C8D1-ED74-D071-931DA1B5E0E5}" = Catalyst Control Center Localization Spanish
"{FF460D73-62F0-D249-3FD2-7D620726DC10}" = CCC Help Swedish
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"EphPod" = EphPod
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"GoToAssist Express Customer" = GoToAssist Express Customer 1.2.0.177
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.5
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"uTorrent" = µTorrent
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 2:56:06 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:07 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:07 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:08 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:08 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:59:38 PM | Computer Name = Mini-John | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = EventSystem | ID = 4609
Description =

Error - 3/24/2010 4:45:54 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 4:45:54 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 4:45:55 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/8/2009 7:43:33 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/25/2009 1:40:47 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/26/2009 1:24:01 AM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/26/2009 1:38:33 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 3/24/2010 2:53:51 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7031
Description =

Error - 3/24/2010 2:58:59 PM | Computer Name = Mini-John | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/24/2010 2:59:21 PM | Computer Name = Mini-John | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/24/2010 2:59:39 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2010 2:59:39 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2010 3:05:13 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:23 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:28:53 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =


< End of report >

"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"EphPod" = EphPod
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"GoToAssist Express Customer" = GoToAssist Express Customer 1.2.0.177
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.5
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"uTorrent" = µTorrent
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 2:56:06 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:07 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:07 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:08 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:56:08 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 2:59:38 PM | Computer Name = Mini-John | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = EventSystem | ID = 4609
Description =

Error - 3/24/2010 4:45:54 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 4:45:54 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/24/2010 4:45:55 PM | Computer Name = Mini-John | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/8/2009 7:43:33 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/25/2009 1:40:47 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/26/2009 1:24:01 AM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/26/2009 1:38:33 PM | Computer Name = Mini-John | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 3/24/2010 2:53:51 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7031
Description =

Error - 3/24/2010 2:58:59 PM | Computer Name = Mini-John | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/24/2010 2:59:21 PM | Computer Name = Mini-John | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/24/2010 2:59:39 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2010 2:59:39 PM | Computer Name = Mini-John | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2010 3:05:13 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:20 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:05:23 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =

Error - 3/24/2010 3:28:53 PM | Computer Name = Mini-John | Source = DCOM | ID = 10005
Description =


< End of report >

Re: Total Vista Security and Antivirus Plus are killing me!
By the way, I just noticed a process which is starting itself, which may be related to the virus?

wmpnscfg.exe (description: windows media player network sharing service configuration application)

Obviously it says it's related to Windows Media Player, but the fact that it starts by itself somewhat concerns me.

Thanks again for all your help!

Re: Total Vista Security and Antivirus Plus are killing me!
That is a major infection.

Delete that copy of ComboFix.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
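Once a ComboFix log like the one posted later in this thread is in hand, three patterns in it deserve attention before the machine is called clean: a "companion" file whose name carries a space before the extension (`qttask .exe`), many unrelated startup entries that all report the same exact file size (27648 bytes here, a sign one stub replaced them), and hidden+system DLLs with random eight-letter names and a 1601 timestamp. The script below is an added editorial example, not part of this thread, of ComboFix, or of any tool the helpers use; it parses lines in the layout ComboFix uses for its Run-key entries and Find3M file rows and flags those three patterns. All sample lines, regular expressions and function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample data, modelled on the layout of ComboFix output (not copied
# from the real log in this thread).
SAMPLE_RUN_ENTRIES = r'''
"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 27648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-02 27648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"kidewukaru"="yamisepa.dll" [N/A]
'''.strip().splitlines()

SAMPLE_FIND3M_ROWS = r'''
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\igfxpers.exe
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\System32\bamezafu.dll
2010-01-25 12:48 . 2010-02-24 07:54 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-06 11:12 . 2010-01-31 18:59 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
'''.strip().splitlines()

# "name"="value" [meta]  where meta is "date size", "X" (target not found) or "N/A"
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')
# created . modified size attrs path
FIND3M_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+'
    r'(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$')
# "qttask .exe": whitespace between the basename and the extension
SPACE_BEFORE_EXT_RE = re.compile(r'\S\s+\.(exe|dll|sys|com|scr)\b', re.I)
# eight lowercase letters plus .dll/.exe, the naming style of the dropped files
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.(dll|exe)$')


def flag_run_entries(entries):
    """Return (name, reason) pairs for Run-key entries that look tampered with."""
    hits = []
    for line in entries:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, value, meta = m.group('name', 'value', 'meta')
        if SPACE_BEFORE_EXT_RE.search(value):
            # A file named like the real program but with a space before ".exe"
            # sits beside the original and is launched in its place.
            hits.append((name, 'whitespace before extension (companion file)'))
        elif meta == 'N/A' and '\\' not in value:
            # Bare filename whose target is gone: leftover of an already
            # removed payload that still has a loading point.
            hits.append((name, 'bare filename, target missing'))
    return hits


def shared_size_clusters(entries, min_count=3):
    """Group Run entries by reported size. Unrelated programs sharing one exact
    byte size is a strong sign their binaries were overwritten by one stub."""
    by_size = defaultdict(list)
    for line in entries:
        m = RUN_RE.match(line)
        if not m:
            continue
        parts = m.group('meta').split()
        if len(parts) == 2 and parts[1].isdigit():
            by_size[int(parts[1])].append(m.group('name'))
    return {size: names for size, names in by_size.items() if len(names) >= min_count}


def suspicious_hidden_files(rows):
    """Flag Find3M rows carrying a strong signal (hidden+system attributes, or a
    1601 timestamp, i.e. the FILETIME epoch from a zeroed date); a random-looking
    eight-letter name in System32 is reported only as supporting evidence."""
    hits = []
    for row in rows:
        m = FIND3M_RE.match(row)
        if not m:
            continue
        attrs, path = m.group('attrs'), m.group('path')
        filename = path.rsplit('\\', 1)[-1]
        reasons = []
        if 's' in attrs and 'h' in attrs:
            reasons.append('hidden+system attributes')
        if m.group('created').startswith('1601-'):
            reasons.append('1601 (FILETIME epoch) timestamp')
        if reasons and RANDOM_NAME_RE.match(filename) and 'system32' in path.lower():
            reasons.append('random 8-letter name in System32')
        if reasons:
            hits.append((filename, reasons))
    return hits


if __name__ == '__main__':
    for name, reason in flag_run_entries(SAMPLE_RUN_ENTRIES):
        print(f'RUN  {name!r}: {reason}')
    for size, names in shared_size_clusters(SAMPLE_RUN_ENTRIES).items():
        print(f'SIZE {size} bytes shared by {len(names)} entries: {", ".join(names)}')
    for filename, reasons in suspicious_hidden_files(SAMPLE_FIND3M_ROWS):
        print(f'FILE {filename}: {"; ".join(reasons)}')
```

The size-cluster check is the one most worth keeping in mind when reading a log by hand: a single entry of 27648 bytes is unremarkable, but a dozen different vendors' startup executables all reporting that same size means the files on disk are no longer the vendors' binaries, whatever their names say.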

Re: Total Vista Security and Antivirus Plus are killing me!
Hi Dragonmaster,
I don't want to jinx anything, but it would appear that combofix was successful. Here's the log:

ComboFix 10-04-04.01 - John 04/05/2010 1:47.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2519.1926 [GMT -7:00]
Running from: c:\users\John\Desktop\commy.exe
Command switches used :: /killall
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1419061039-1915680080-1251473730-500
c:\program files\Adobe\1299942462.old
c:\program files\Adobe\2915299.old
c:\program files\Adobe\317025.old
c:\program files\Adobe\acrotray .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\John\AppData\Local\av.exe
c:\users\John\AppData\Local\ave.exe
c:\users\John\AppData\Roaming\avp.ico
c:\windows\system32\app_dll.dll
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\ayemgy.sys
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\joyapate.dll
c:\windows\system32\kahijoye.exe
c:\windows\system32\kayukore.exe
c:\windows\system32\kojofaba.exe
c:\windows\system32\lipewedi.exe
c:\windows\system32\msapps\comsrvr.exe
c:\windows\system32\mupigijo.dll
c:\windows\system32\nilujete.dll
c:\windows\system32\nuyakete.dll
c:\windows\system32\pebehiti.dll
c:\windows\system32\pemivubu.dll
c:\windows\system32\rigebevu.dll
c:\windows\system32\risowupa.dll
c:\windows\system32\rukabipe.dll
c:\windows\system32\seagate.sys
c:\windows\system32\spool\prtprocs\w32x86\000019c6.tmp
c:\windows\system32\spool\prtprocs\w32x86\00003ca7.tmp
c:\windows\system32\spool\prtprocs\w32x86\00003cf2.tmp
c:\windows\system32\spool\prtprocs\w32x86\00007d5b.tmp
c:\windows\system32\tesawuzo.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tojedela.exe
c:\windows\system32\tpshocks .exe
c:\windows\system32\uyjudh0bkp.dll
c:\windows\system32\yakituro.dll
c:\windows\system32\yevilido.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Q:\AUTORUN.INF
S:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEAGATE
-------\Service_seagate
-------\Legacy_ayemgy
-------\Service_ayemgy
-------\Service_COMServer


((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-04-05 08:55 . 2010-04-05 08:58 -------- d-----w- c:\users\John\AppData\Local\temp
2010-04-05 08:55 . 2010-04-05 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-05 08:41 . 2010-04-05 08:45 -------- d-----w- C:\32788R22FWJFW
2010-04-03 08:51 . 2010-04-03 08:51 -------- d-----w- C:\A
2010-04-02 16:06 . 2010-04-02 16:06 4 ----a-w- c:\program files\2676150.dat
2010-04-02 15:20 . 2010-04-02 15:20 -------- d-----w- c:\program files\WhoCrashed
2010-04-02 15:10 . 2010-04-02 16:06 27648 ----a-w- c:\windows\system32\tpshocks.exe
2010-04-02 15:03 . 2010-04-02 15:03 4 ----a-w- c:\program files\104193.dat
2010-03-25 16:12 . 2010-03-25 16:12 -------- d-----w- C:\_OTL
2010-03-24 23:01 . 2010-03-24 23:01 27648 ----a-w- c:\windows\tsnp2uvc.exe
2010-03-24 17:48 . 2010-03-24 17:57 -------- d-----w- c:\program files\Mbytes
2010-03-24 17:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 17:47 . 2010-03-24 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 17:47 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 17:45 . 2010-03-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-03-24 16:35 . 2010-03-24 21:12 203776 --sha-w- c:\users\John\AppData\Local\128822158.dll
2010-03-24 10:06 . 2010-04-05 08:55 -------- d-----w- c:\windows\system32\msapps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 08:53 . 2009-07-04 09:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-03 08:28 . 2009-07-09 22:30 2032 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat
2010-04-02 16:06 . 2009-07-04 09:35 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-04-02 15:26 . 2009-08-13 02:47 -------- d-----w- c:\program files\iTunes
2010-04-02 15:26 . 2009-07-06 20:34 -------- d-----w- c:\program files\QuickTime
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\igfxtray.exe
2010-04-02 15:26 . 2009-07-14 20:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-24 14:57 . 2010-01-20 19:40 -------- d-----w- c:\program files\uTorrent
2010-03-24 12:37 . 2010-01-20 19:40 -------- d-----w- c:\users\John\AppData\Roaming\uTorrent
2010-03-16 02:37 . 2009-11-25 09:56 -------- d-----w- c:\program files\PC-Doctor
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\programdata\Roxio
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Roxio
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-10 21:26 . 2009-07-06 22:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-10 21:22 . 2009-09-12 01:57 -------- d-----w- c:\program files\Binary News Reaper
2010-03-09 09:11 . 2009-07-06 19:23 135128 ----a-w- c:\users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 09:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-05 18:39 . 2010-02-05 18:39 251376 ----a-w- c:\users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-01 22:44 . 2010-02-01 22:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-01 19:52 . 2010-02-05 10:20 15424 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT2\LTTCheck.exe
2010-01-25 12:48 . 2010-02-24 07:54 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 07:54 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 07:54 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 07:54 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 07:54 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 07:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 07:54 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 07:54 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 07:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 07:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-15 18:13 . 2010-01-15 18:13 218864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-15 17:18 . 2010-01-15 17:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-06 11:12 . 2010-01-31 18:59 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-01-06 11:12 . 2009-07-04 09:50 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 11:12 . 2009-07-04 09:50 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\System32\bamezafu.dll
1601-01-01 00:03 . 1601-01-01 00:03 66560 --sha-w- c:\windows\System32\dobazusi.dll
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\System32\fafakaza.dll
2010-01-02 15:03 . 2010-01-02 15:03 96256 --sha-w- c:\windows\System32\gahejeyu.dll
1601-01-01 00:03 . 1601-01-01 00:03 83456 --sha-w- c:\windows\System32\gahejeyu.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\gamibefe.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\halulohi.dll
2010-01-02 16:03 . 2010-01-02 16:03 42496 --sha-w- c:\windows\System32\hayaheta.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\System32\henijuve.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\hovolile.dll
2010-01-02 15:03 . 2010-01-02 15:03 42496 --sha-w- c:\windows\System32\hujepaka.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\System32\jelasisa.dll
2010-01-03 07:46 . 2010-01-03 07:46 42496 --sha-w- c:\windows\System32\kevidobi.dll
2010-01-02 16:03 . 2010-01-02 16:03 82944 --sha-w- c:\windows\System32\kunozole.exe
1601-01-01 00:03 . 1601-01-01 00:03 46080 --sha-w- c:\windows\System32\nozuzito.dll
2010-01-02 17:03 . 2010-01-02 17:03 42496 --sha-w- c:\windows\System32\pafikiwu.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\System32\pehuraba.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\System32\poroyoju.dll
2010-01-03 08:46 . 2010-01-03 08:46 42496 --sha-w- c:\windows\System32\pubinibu.dll
2010-01-02 00:49 . 2010-01-02 00:49 28672 --sha-w- c:\windows\System32\rivesogo.dll
2010-01-02 16:03 . 2010-01-02 16:03 96256 --sha-w- c:\windows\System32\sekoseye.dll
2010-01-01 16:20 . 2010-01-01 16:20 31744 --sha-w- c:\windows\System32\sizesare.dll
1601-01-01 00:03 . 1601-01-01 00:03 82944 --sha-w- c:\windows\System32\sosagatu.exe
2010-01-02 00:49 . 2010-01-02 00:49 42496 --sha-w- c:\windows\System32\tajokigu.dll
1601-01-01 00:03 . 1601-01-01 00:03 201728 --sha-w- c:\windows\System32\tesifoti.exe
2010-01-01 16:20 . 2010-01-01 16:20 42496 --sha-w- c:\windows\System32\toteduba.dll
1601-01-01 00:03 . 1601-01-01 00:03 6144 --sha-w- c:\windows\System32\vohelipe.dll
2010-01-02 15:03 . 2010-01-02 15:03 82944 --sha-w- c:\windows\System32\yaponema.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\yasijote.dll
1601-01-01 00:03 . 1601-01-01 00:03 66560 --sha-w- c:\windows\System32\yofamoyu.dll
2009-07-04 08:57 . 2009-07-04 08:55 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CONEXANT\SAII\saiicpl .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Lenovo\Client Security Solution\cssauth .exe
c:\program files\Lenovo\Message Center Plus\mcplaunch .exe
c:\program files\Lenovo\Mobile Broadband Connect\usershortcutcreator .exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\ThinkPad\ConnectUtilities\actray .exe
c:\program files\ThinkPad\ConnectUtilities\acwlicon .exe
c:\program files\ThinkPad\Utilities\ezejmnap .exe
c:\program files\ThinkPad\Utilities\tpkmapap .exe
c:\program files\ThinkVantage\PrdCtr\lpmgr .exe
c:\program files\ThinkVantage\PrdCtr\lpmlchk .exe
c:\program files\WordPerfect Office 12\Programs\registration  .exe
c:\program files\WordPerfect Office 12\Programs\registration .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-02 27648]
"Google Update"="c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-02 27648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2010-04-02 27648]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-04-02 27648]
"TpShocks"="TpShocks.exe" [2010-04-02 27648]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2010-03-24 27648]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2010-04-02 27648]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2010-04-02 27648]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2010-04-02 27648]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2010-04-02 27648]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-01-06 869736]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-01-06 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2010-04-02 27648]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-02 27648]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2010-04-02 27648]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2010-04-02 27648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-02 27648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 27648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 27648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-02 27648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-02 27648]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2010-04-02 27648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-02 27648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-04-02 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-02 27648]
"kidewukaru"="yamisepa.dll" [N/A]
"wufayaveh"="c:\windows\system32\lihawefi.dll" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
""="" [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-4 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2009-07-14 19:40 75064 ------w- c:\program files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 15:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus Plus]
c:\users\John\AppData\Roaming\AntiVirus Plus\AntiVirus Plus.55532.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsa8ffushf83hoigjhs98jgijg9sd8e]
c:\users\John\appdata\local\temp\w51he5h6lc .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87efjhdsf87f3jfsdi7fhsujfd]
c:\users\John\AppData\Local\Temp\win32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-02-27 13:40 1202448 ------w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-02 15:26 27648 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-24 15:02 27648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordPerfect Office 1215]
2010-03-24 17:02 27648 ----a-w- c:\program files\WordPerfect Office 12\Programs\registration .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wufayaveh]
c:\windows\system32\lihawefi.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
c:\users\John\appdata\local\temp\pdp .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-03-19 1680632]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-03-19 106496]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-04-01 4172288]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-04-01 88576]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-03-20 482176]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-01 16:05]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-01 16:05]

2010-03-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\John\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{6d792e9e-f4e0-41d6-8455-cf11104e3f3d} - pebehiti.dll
SharedTaskScheduler-{8bf43728-1c39-40de-bca6-eb599b0be168} - c:\windows\system32\lihawefi.dll
SSODL-kulofiwiv-{8bf43728-1c39-40de-bca6-eb599b0be168} - c:\windows\system32\lihawefi.dll
SafeBoot-Symantec Antvirus
AddRemove-HijackThis - c:\users\John\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 01:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x879C68C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x893ca322
\Driver\ACPI -> acpi.sys @ 0x80696d4c
\Driver\atapi -> ataport.SYS @ 0x805aaa14
\Driver\iaStor -> iaStor.sys @ 0x807660ac
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
copy of MBR has been found in sector 1 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,ee,cb,61,e1,3d,66,49,be,00,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,ee,cb,61,e1,3d,66,49,be,00,b7,\

[HKEY_USERS\S-1-5-21-1419061039-1915680080-1251473730-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,4e,26,92,2e,dd,e7,30,28,1a,24,e4,7a,11,f6,77,22,99,41,3b,32,
c4,ef,d9,e3,6b,0c,0b,a1,e4,f4,82,02,e3,e9,76,9e,cb,82,ec,3a,a0,1d,98,a7,13,\
"rkeysecu"=hex:4e,69,3d,c5,d4,a0,7e,91,01,a3,18,1c,98,7a,04,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(776)
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\Taskmgr.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2010-04-05 02:05:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 09:05

Pre-Run: 28,265,226,240 bytes free
Post-Run: 27,925,299,200 bytes free

- - End Of File - - 2B4F55684CF021AAB1F9359D9DBBC660
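The "Stealth MBR rootkit/Mebroot/Sinowal detector" block in the log above reports two things: that the MBR read from user mode matches the one the kernel reads ("user & kernel MBR OK"), and that another sector holds a copy of the MBR ("copy of MBR has been found in sector 1 !"). The following is an added example, not code from this thread or from Gmer's tool, showing what those two checks look like over a raw disk image. The image is constructed (a synthetic bootable NTFS MBR duplicated into sector 1); the real tool's heuristic is not shown on the page, so whole-sector comparison is an assumption here.

```python
"""Added example (not from the GeekPolice thread or the Gmer detector).

A 512-byte MBR holds 446 bytes of boot code, four 16-byte partition entries
and the 0x55AA signature. find_mbr_copies() looks for other sectors that
duplicate sector 0, the situation behind "copy of MBR has been found in
sector 1 !"; compare_views() diffs a user-mode read against a kernel read,
the check behind "user & kernel MBR OK" (a hooked disk stack can present a
clean MBR to user mode while the sector on disk is infected). Whole-sector
comparison is an assumption; the constructed image is for illustration.
"""
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446
NTFS = 0x07  # partition type byte for NTFS


def parse_partition_entry(raw):
    """Decode one 16-byte partition entry (the two CHS triples are skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector0):
    """Validate the boot signature and split the MBR into code and partition table."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = [sector0[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
               for i in range(4)]
    return {"code": sector0[:PART_TABLE_OFFSET],
            "partitions": [parse_partition_entry(e) for e in entries]}


def find_mbr_copies(image):
    """Indexes of every sector other than 0 that is byte-for-byte identical to the MBR."""
    mbr = image[:SECTOR]
    return [n for n in range(1, len(image) // SECTOR)
            if image[n * SECTOR:(n + 1) * SECTOR] == mbr]


def compare_views(user_mbr, kernel_mbr):
    """Byte offsets at which the user-mode and kernel reads of the MBR disagree.
    An empty list is the "user & kernel MBR OK" case."""
    return [i for i, (a, b) in enumerate(zip(user_mbr, kernel_mbr)) if a != b]


def build_sample_image(total_sectors=8):
    """Constructed disk image: synthetic bootable NTFS MBR, duplicated into sector 1."""
    code = b"\xfa\x33\xc0" + b"\x90" * (PART_TABLE_OFFSET - 3)   # cli; xor ax,ax; nops
    entry = struct.pack("<B3xB3xII", 0x80, NTFS, 2048, 100000)   # bootable, starts at LBA 2048
    mbr = code + entry + b"\x00" * 48 + b"\x55\xaa"
    image = bytearray(total_sectors * SECTOR)
    image[0:SECTOR] = mbr
    image[SECTOR:2 * SECTOR] = mbr            # the copy the detector would report
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    print("partitions:", parse_mbr(img[:SECTOR])["partitions"])
    print("sectors holding a copy of the MBR:", find_mbr_copies(img))
    print("user/kernel view differences:", compare_views(img[:SECTOR], img[:SECTOR]))
```

A copy of the MBR in a nearby sector is not by itself proof of infection; the detector's other line, that the user and kernel reads agree, is the one that argues against a hooked disk driver. Both facts together are what a helper reads from this section.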

Re: Total Vista Security and Antivirus Plus are killing me!

1. ComboFix re-run
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:

    Code:

    killall::

    Files::
    c:\users\John\AppData\Local\128822158.dll
    c:\windows\System32\bamezafu.dll
    c:\windows\System32\dobazusi.dll
    c:\windows\System32\fafakaza.dll
    c:\windows\System32\gahejeyu.dll
    c:\windows\System32\gahejeyu.exe
    c:\windows\System32\gamibefe.dll
    c:\windows\System32\halulohi.dll
    c:\windows\System32\hayaheta.dll
    c:\windows\System32\henijuve.dll
    c:\windows\System32\hovolile.dll
    c:\windows\System32\hujepaka.dll
    c:\windows\System32\jelasisa.dll
    c:\windows\System32\kevidobi.dll
    c:\windows\System32\kunozole.exe
    c:\windows\System32\nozuzito.dll
    c:\windows\System32\pafikiwu.dll
    c:\windows\System32\pehuraba.dll
    c:\windows\System32\poroyoju.dll
    c:\windows\System32\pubinibu.dll
    c:\windows\System32\rivesogo.dll
    c:\windows\System32\sekoseye.dll
    c:\windows\System32\sizesare.dll
    c:\windows\System32\sosagatu.exe
    c:\windows\System32\tajokigu.dll
    c:\windows\System32\tesifoti.exe
    c:\windows\System32\toteduba.dll
    c:\windows\System32\vohelipe.dll
    c:\windows\System32\yaponema.exe
    c:\windows\System32\yasijote.dll
    c:\windows\System32\yofamoyu.dll
    c:\users\John\appdata\local\temp\w51he5h6lc .exe
    c:\users\John\AppData\Local\Temp\win32.exe
    c:\users\John\appdata\local\temp\pdp .exe
    c:\windows\system32\lihawefi.dll

    RenV::
    c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
    c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
    c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy .exe
    c:\program files\Common Files\Symantec Shared\ccapp .exe
    c:\program files\CONEXANT\SAII\saiicpl .exe
    c:\program files\iTunes\ituneshelper .exe
    c:\program files\Lenovo\Client Security Solution\cssauth .exe
    c:\program files\Lenovo\Message Center Plus\mcplaunch .exe
    c:\program files\Lenovo\Mobile Broadband Connect\usershortcutcreator .exe
    c:\program files\Lenovo\NPDIRECT\tpfnf7sp .exe
    c:\program files\Lenovo Fingerprint Software\fpapp .exe
    c:\program files\QuickTime\qttask    .exe
    c:\program files\QuickTime\qttask    .exe
    c:\program files\QuickTime\qttask  .exe
    c:\program files\QuickTime\qttask  .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\ThinkPad\ConnectUtilities\actray .exe
    c:\program files\ThinkPad\ConnectUtilities\acwlicon .exe
    c:\program files\ThinkPad\Utilities\ezejmnap .exe
    c:\program files\ThinkPad\Utilities\tpkmapap .exe
    c:\program files\ThinkVantage\PrdCtr\lpmgr .exe
    c:\program files\ThinkVantage\PrdCtr\lpmlchk .exe
    c:\program files\WordPerfect Office 12\Programs\registration  .exe
    c:\program files\WordPerfect Office 12\Programs\registration .exe

    DirLook::
    C:\A

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "kidewukaru"=-
    "wufayaveh"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus Plus]
    [-HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
    [-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsa8ffushf83hoigjhs98jgijg9sd8e]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87efjhdsf87f3jfsdi7fhsujfd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wufayaveh]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]

    MBR::

    Reboot::


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

2. Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

3. Post logs

Make sure to post these logs for my review:
  • ComboFix log
  • ESET Scan log

Also, let me know how your computer is running.

Thanks! :)
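The CFScript above is built from three indicators in the user's logs: executables whose names carry whitespace before the extension (the RenV:: list), hidden+system DLLs in System32 with random names, and autostart binaries of identical size. As an added example that is not part of this thread or of ComboFix, the script below parses ComboFix-style log lines and flags those indicators. The SAMPLE_LOG lines are constructed from the logs posted in this thread; the qttask Find3M line and the min_count threshold are assumptions for illustration.

```python
"""Added example (not from the GeekPolice thread or ComboFix): flag the
indicators the CFScript acts on, from ComboFix-style log lines.

  * a file name with whitespace before the extension ("qttask    .exe"),
    the renamed originals that RenV:: restores;
  * hidden+system files (--sha-w-) and, among them, the ones stamped
    1601-01-01, which is a zeroed Windows FILETIME;
  * several Run-key binaries sharing one byte size, as the 27648-byte
    igfxtray/hkcmd/igfxpers/TpShocks entries in the thread do.
SAMPLE_LOG is constructed; min_count=3 is an assumed threshold.
"""
import re
from collections import defaultdict

# Find3M line: "<mtime> . <ctime> <size|--------> <attrs> <path>"
FIND3M_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Run-key line: "<value name>"="<command>" [<date> <size>]  or  [X] / [N/A]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?:\S+ (?P<size>\d+)|X|N/A)\]$'
)
# whitespace squeezed in before the extension, e.g. "qttask    .exe"
TRAILING_SPACE_RE = re.compile(r"\S[ \t]+\.[A-Za-z0-9]{1,4}$")


def parse_find3m(lines):
    """One dict per Find3M / Files Created line; directories get size None."""
    entries = []
    for line in lines:
        m = FIND3M_RE.match(line.rstrip("\r\n"))
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"]) if d["size"].isdigit() else None
            entries.append(d)
    return entries


def parse_run_entries(lines):
    """One dict per Run-key value line; size is None for [X] / [N/A]."""
    entries = []
    for line in lines:
        m = RUN_RE.match(line.rstrip("\r\n"))
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"]) if d["size"] else None
            entries.append(d)
    return entries


def is_hidden_system(entry):
    return "s" in entry["attrs"] and "h" in entry["attrs"]


def find_trailing_space_names(file_entries):
    return [e["path"] for e in file_entries if TRAILING_SPACE_RE.search(e["path"])]


def find_shared_size(run_entries, min_count=3):
    """Byte sizes shared by at least min_count autostart binaries."""
    by_size = defaultdict(list)
    for e in run_entries:
        if e["size"] is not None:
            by_size[e["size"]].append(e["name"])
    return {s: names for s, names in by_size.items() if len(names) >= min_count}


def analyse(log_text):
    lines = log_text.splitlines()
    files = parse_find3m(lines)
    hidden = [e for e in files if is_hidden_system(e)]
    return {
        "renamed_originals": find_trailing_space_names(files),
        "hidden_system": [e["path"] for e in hidden],
        "zero_timestamp": [e["path"] for e in hidden if e["mtime"].startswith("1601-")],
        "shared_size": find_shared_size(parse_run_entries(lines)),
    }


# constructed from lines in the thread's logs (the qttask Find3M line is assumed)
SAMPLE_LOG = r"""
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\hkcmd.exe
2010-03-24 16:35 . 2010-03-24 21:12 203776 --sha-w- c:\users\John\AppData\Local\128822158.dll
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\System32\bamezafu.dll
2010-01-02 15:03 . 2010-01-02 15:03 96256 --sha-w- c:\windows\System32\gahejeyu.dll
2010-04-05 17:11 . 2009-07-06 20:34 -------- d-----w- c:\program files\QuickTime
2010-03-24 16:42 . 2009-07-06 20:34 27648 ----a-w- c:\program files\QuickTime\qttask    .exe
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 27648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 27648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-02 27648]
"TpShocks"="TpShocks.exe" [2010-04-02 27648]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
""="" [N/A]
"""

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The shared-size check is the one worth keeping in mind: a vendor's tray applet, Intel's hkcmd.exe and Google's updater have no reason to be exactly 27648 bytes each, and all of them carrying the same recent modification date makes the pattern stronger still.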

Re: Total Vista Security and Antivirus Plus are killing me!

Hey there,
I'm running the online scan now, but in the interim, here's the Combofix log:

ComboFix 10-04-04.01 - John 04/05/2010 10:12:22.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2519.2070 [GMT -7:00]
Running from: c:\users\John\Desktop\Commy.exe
Command switches used :: c:\users\John\Desktop\CFscript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-04-05 17:19 . 2010-04-05 17:24 -------- d-----w- c:\users\John\AppData\Local\temp
2010-04-05 17:19 . 2010-04-05 17:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-05 17:19 . 2010-04-05 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-05 17:05 . 2010-04-05 17:08 -------- d-----w- C:\32788R22FWJFW
2010-04-03 08:51 . 2010-04-03 08:51 -------- d-----w- C:\A
2010-04-02 16:06 . 2010-04-02 16:06 4 ----a-w- c:\program files\2676150.dat
2010-04-02 15:20 . 2010-04-02 15:20 -------- d-----w- c:\program files\WhoCrashed
2010-04-02 15:10 . 2010-04-02 16:06 27648 ----a-w- c:\windows\system32\tpshocks.exe
2010-04-02 15:03 . 2010-04-02 15:03 4 ----a-w- c:\program files\104193.dat
2010-03-25 16:12 . 2010-03-25 16:12 -------- d-----w- C:\_OTL
2010-03-24 23:01 . 2010-03-24 23:01 27648 ----a-w- c:\windows\tsnp2uvc.exe
2010-03-24 17:48 . 2010-03-24 17:57 -------- d-----w- c:\program files\Mbytes
2010-03-24 17:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 17:47 . 2010-03-24 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 17:47 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 17:45 . 2010-03-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-03-24 16:35 . 2010-03-24 21:12 203776 --sha-w- c:\users\John\AppData\Local\128822158.dll
2010-03-24 10:06 . 2010-04-05 08:55 -------- d-----w- c:\windows\system32\msapps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 17:22 . 2009-07-04 09:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-05 17:11 . 2009-07-06 20:34 -------- d-----w- c:\program files\QuickTime
2010-04-05 17:11 . 2009-08-13 02:47 -------- d-----w- c:\program files\iTunes
2010-04-05 17:11 . 2009-07-04 09:35 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-04-05 17:11 . 2009-07-14 20:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-03 08:28 . 2009-07-09 22:30 2032 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-02 15:26 . 2009-07-04 09:29 27648 ----a-w- c:\windows\system32\igfxtray.exe
2010-03-24 14:57 . 2010-01-20 19:40 -------- d-----w- c:\program files\uTorrent
2010-03-24 12:37 . 2010-01-20 19:40 -------- d-----w- c:\users\John\AppData\Roaming\uTorrent
2010-03-16 02:37 . 2009-11-25 09:56 -------- d-----w- c:\program files\PC-Doctor
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\programdata\Roxio
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Roxio
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-10 21:26 . 2009-07-06 22:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-10 21:22 . 2009-09-12 01:57 -------- d-----w- c:\program files\Binary News Reaper
2010-03-09 09:11 . 2009-07-06 19:23 135128 ----a-w- c:\users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 09:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-05 18:39 . 2010-02-05 18:39 251376 ----a-w- c:\users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-01 22:44 . 2010-02-01 22:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-01 19:52 . 2010-02-05 10:20 15424 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT2\LTTCheck.exe
2010-01-25 12:48 . 2010-02-24 07:54 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 07:54 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 07:54 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 07:54 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 07:54 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 07:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 07:54 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 07:54 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 07:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 07:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-15 18:13 . 2010-01-15 18:13 218864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-15 17:18 . 2010-01-15 17:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-06 11:12 . 2010-01-31 18:59 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-01-06 11:12 . 2009-07-04 09:50 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 11:12 . 2009-07-04 09:50 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\System32\bamezafu.dll
1601-01-01 00:03 . 1601-01-01 00:03 66560 --sha-w- c:\windows\System32\dobazusi.dll
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\System32\fafakaza.dll
2010-01-02 15:03 . 2010-01-02 15:03 96256 --sha-w- c:\windows\System32\gahejeyu.dll
1601-01-01 00:03 . 1601-01-01 00:03 83456 --sha-w- c:\windows\System32\gahejeyu.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\gamibefe.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\halulohi.dll
2010-01-02 16:03 . 2010-01-02 16:03 42496 --sha-w- c:\windows\System32\hayaheta.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\System32\henijuve.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\hovolile.dll
2010-01-02 15:03 . 2010-01-02 15:03 42496 --sha-w- c:\windows\System32\hujepaka.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\System32\jelasisa.dll
2010-01-03 07:46 . 2010-01-03 07:46 42496 --sha-w- c:\windows\System32\kevidobi.dll
2010-01-02 16:03 . 2010-01-02 16:03 82944 --sha-w- c:\windows\System32\kunozole.exe
1601-01-01 00:03 . 1601-01-01 00:03 46080 --sha-w- c:\windows\System32\nozuzito.dll
2010-01-02 17:03 . 2010-01-02 17:03 42496 --sha-w- c:\windows\System32\pafikiwu.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\System32\pehuraba.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\System32\poroyoju.dll
2010-01-03 08:46 . 2010-01-03 08:46 42496 --sha-w- c:\windows\System32\pubinibu.dll
2010-01-02 00:49 . 2010-01-02 00:49 28672 --sha-w- c:\windows\System32\rivesogo.dll
2010-01-02 16:03 . 2010-01-02 16:03 96256 --sha-w- c:\windows\System32\sekoseye.dll
2010-01-01 16:20 . 2010-01-01 16:20 31744 --sha-w- c:\windows\System32\sizesare.dll
1601-01-01 00:03 . 1601-01-01 00:03 82944 --sha-w- c:\windows\System32\sosagatu.exe
2010-01-02 00:49 . 2010-01-02 00:49 42496 --sha-w- c:\windows\System32\tajokigu.dll
1601-01-01 00:03 . 1601-01-01 00:03 201728 --sha-w- c:\windows\System32\tesifoti.exe
2010-01-01 16:20 . 2010-01-01 16:20 42496 --sha-w- c:\windows\System32\toteduba.dll
1601-01-01 00:03 . 1601-01-01 00:03 6144 --sha-w- c:\windows\System32\vohelipe.dll
2010-01-02 15:03 . 2010-01-02 15:03 82944 --sha-w- c:\windows\System32\yaponema.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\System32\yasijote.dll
1601-01-01 00:03 . 1601-01-01 00:03 66560 --sha-w- c:\windows\System32\yofamoyu.dll
2009-07-04 08:57 . 2009-07-04 08:55 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

Code:

c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask  .exe


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\A ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"Google Update"="c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-02 27648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TpShocks"="TpShocks.exe" [2010-04-02 27648]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2010-03-24 27648]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-01-06 869736]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-01-06 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-05-15 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-11 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-20 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 27648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 27648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-02 27648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-27 992816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
""="" [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-4 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2009-07-14 19:40 75064 ------w- c:\program files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 15:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-02-27 13:40 1202448 ------w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-24 16:42 27648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordPerfect Office 1215]
c:\program files\wordperfect office 12\programs\registration .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-03-19 1680632]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-01-06 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-03-19 98304]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-01-06 75112]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-02-12 2058776]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-03-19 106496]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-04-01 4172288]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-04-01 88576]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-03-20 482176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-27 29736]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-03-20 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-29 102448]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\177\g2ax_service.exe Start=service [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-04-01 2473472]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-27 211216]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-01-06 24304]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-03-27 221824]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-01 16:05]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1419061039-1915680080-1251473730-1003UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-01 16:05]

2010-03-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\John\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 10:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,ee,cb,61,e1,3d,66,49,be,00,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,ee,cb,61,e1,3d,66,49,be,00,b7,\

[HKEY_USERS\S-1-5-21-1419061039-1915680080-1251473730-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,4e,26,92,2e,dd,e7,30,28,1a,24,e4,7a,11,f6,77,22,99,41,3b,32,
c4,ef,d9,e3,6b,0c,0b,a1,e4,f4,82,02,e3,e9,76,9e,cb,82,ec,3a,a0,1d,98,a7,13,\
"rkeysecu"=hex:4e,69,3d,c5,d4,a0,7e,91,01,a3,18,1c,98,7a,04,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(152)
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
.
**************************************************************************
.
Completion time: 2010-04-05 10:30:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 17:30
ComboFix2.txt 2010-04-05 09:05

Pre-Run: 28,012,945,408 bytes free
Post-Run: 27,928,064,000 bytes free

- - End Of File - - 14F4534B678E5C6F03D1CD2C5600FE32

Re: Total Vista Security and Antivirus Plus are killing me!

Hi Dragonmaster,
Just so you know, ESET has finished scanning. It found 66 threats, all of which it deleted off the computer. However, without thinking I chose to uninstall the program upon closing, which deleted the log file. :sad: I'm running the scan again now, and will post the results when I'm done.

Re: Total Vista Security and Antivirus Plus are killing me!

Hi there,
Here's the log from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Access is denied.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2b0294d4d303e54587e499765c21481c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-06 12:29:49
# local_time=2010-04-05 05:29:49 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 100 22114347 107115949 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=158312
# found=0
# cleaned=0
# scan_time=5368
