Hi,

I had/was in the process of removing outdated McAfee and other spyware/malware/antivirus software to replace with Microsoft Security Essentials. While in Firefox, kept getting redirected to some malware (forgot the name of it). Have had issues getting firewall back up and fixing registry issues. MSE scan revealed multiple infections including Trojan Sirefef.B. Despite being a novice at this, I thought I had everything fixed up last night after following multiple threads, but I was wrong...sfc /scannow stops at 68%, firewall back down, wireless connection fails to connect (ipconfig shows media disconnected - reinstalled driver, but didn't help) ...mbam quick scan revealed no malicious items detected...any help is greatly appreciated.

AJ

Attach.txt

DDS.txt

Hello and :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Thanks, Elise. Quick question, how long does Combofix typically take? I made sure to disable Antivirus/Antispyware, the firewall and Windows defender were already off, and I haven't touched the computer since the scan started but it has been going for quite a while. Just wanted to make sure it is not stalling or getting hung up on something...I remember running Microsoft Antimalware two days ago and it was getting hung up on a bunch of temp files.

Thanks,

AJ


New DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 16:11:24 on 2012-03-11

Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2519.1985 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalService

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.unc.edu

mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sKDaemon.exe] c:\program files\lenovo\productivity keyboard\SKDaemon.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico

uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://gateway.tucsonortho.com/XTSAC.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nccn.webex.com/client/T27LB/event/ieatgpc1.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AfsLogon - c:\program files\openafs\client\program\afslogon.dll

Notify: igfxcui - igfxdev.dll

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-11-22 293904]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-28 48192]

S2 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-8-14 102400]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-8-15 1664248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-12 66848]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-6-29 58736]

S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-28 253952]

S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2008-10-12 2058776]

S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2009-9-10 186624]

S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-10-12 3881472]

S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2008-10-12 54784]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-8-15 480640]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-8-14 220152]

S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2008-10-12 2381312]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]

S3 NETwNv32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2010-10-31 6959616]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-3-24 15744]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

.

=============== Created Last 30 ================

.

2012-03-11 19:57:07 -------- d-s---w- C:\Combo-Fix4490C

2012-03-11 19:47:03 -------- d-s---w- C:\Combo-Fix19742C

2012-03-11 19:13:47 -------- d-s---w- C:\Combo-Fix26754C

2012-03-11 17:33:15 -------- d-s---w- C:\Combo-Fix19626C

2012-03-11 17:16:58 -------- d-s---w- C:\Combo-Fix10075C

2012-03-11 17:04:29 -------- d-s---w- C:\Combo-Fix16208C

2012-03-11 16:53:45 -------- d-----w- c:\users\administrator\appdata\local\Apple

2012-03-11 16:46:54 -------- d-s---w- C:\Combo-Fix549C

2012-03-11 16:33:19 -------- d-s---w- C:\Combo-Fix32339C

2012-03-10 20:31:41 -------- d-s---w- C:\Combo-Fix6550C

2012-03-10 19:26:13 -------- d-s---w- C:\Combo-Fix

2012-03-10 18:44:59 -------- d-----w- c:\program files\CCleaner

2012-03-09 23:06:01 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{017f57a1-5408-4ec0-92b7-6d854e3a0b04}\mpengine.dll

2012-03-09 22:48:43 -------- d-----w- c:\programdata\Malwarebytes

2012-03-09 21:47:52 98816 ----a-w- c:\windows\sed.exe

2012-03-09 21:47:52 518144 ----a-w- c:\windows\SWREG.exe

2012-03-09 21:47:52 256000 ----a-w- c:\windows\PEV.exe

2012-03-09 21:47:52 208896 ----a-w- c:\windows\MBR.exe

2012-03-09 21:43:22 -------- d-----w- c:\program files\Smart Registry Cleaner

2012-03-09 20:48:16 -------- d-----w- C:\FRST

2012-03-09 00:33:57 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{97ea1902-a9d5-4412-adca-88c1208c5733}\gapaengine.dll

2012-03-08 16:35:56 -------- d-----w- c:\program files\Microsoft Security Client

2012-03-08 12:23:04 -------- d-----w- c:\programdata\SpeedyPC Software

2012-03-08 01:54:38 -------- d-----w- c:\programdata\Symantec

2012-03-08 01:54:38 -------- d-----w- c:\program files\common files\Symantec Shared

2012-03-07 14:14:24 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-03-07 12:00:27 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-03-07 12:00:26 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-03-07 11:53:54 -------- d-----w- c:\program files\Windows Portable Devices

2012-03-07 04:48:09 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2012-03-07 04:48:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2012-03-07 04:48:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2012-03-07 04:35:32 675152 ----a-w- c:\windows\system32\gpprefcl.dll

2012-03-07 03:37:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2012-03-07 03:37:31 471552 ----a-w- c:\windows\system32\secproc.dll

2012-03-07 03:37:30 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2012-03-07 03:37:30 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2012-03-07 03:37:29 518144 ----a-w- c:\windows\system32\RMActivate.exe

2012-03-07 03:37:29 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2012-03-07 03:37:28 332288 ----a-w- c:\windows\system32\msdrm.dll

2012-03-07 03:37:28 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2012-03-07 03:37:28 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2012-03-07 03:37:19 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2012-03-07 03:36:56 1696256 ----a-w- c:\windows\system32\gameux.dll

2012-03-07 03:36:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2012-03-07 03:36:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2012-03-07 03:36:31 797696 ----a-w- c:\windows\system32\FntCache.dll

2012-03-07 03:36:31 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-03-07 03:36:31 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-07 03:36:18 714240 ----a-w- c:\windows\system32\timedate.cpl

2012-03-07 03:32:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-03-07 03:27:44 310784 ----a-w- c:\windows\system32\unregmp2.exe

2012-03-07 03:27:44 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

2012-03-06 17:20:17 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-03-06 16:38:31 -------- d-----w- c:\programdata\F4D55F1703D82B4D01481C64570F1C55

2012-02-16 13:39:08 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 13:39:04 2044416 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-03-07 02:20:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 16:12:32.26 ===============


Hi again, it looks like the rootkit is gone. :) How are things running at this point?

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


Things still run fine except the wireless connection - that is the only problem that I have really had throughout this process. There are a couple of Lenovo-related things that seem to have an issue during start-up after I log in (power manager, camera, and one other thing that I now have forgotten).

Here is the OTL report. I did not see extra report anywhere (not minimized or anything)...?

OTL logfile created on: 3/11/2012 4:54:39 PM - Run 3

OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Administrator\Desktop

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 59.73% Memory free

5.13 Gb Paging File | 4.04 Gb Available in Paging File | 78.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 93.16 Gb Total Space | 19.45 Gb Free Space | 20.87% Space Free | Partition Type: NTFS

Drive D: | 129.95 Gb Total Space | 110.05 Gb Free Space | 84.69% Space Free | Partition Type: NTFS

Drive H: | 499.72 Mb Total Space | 113.68 Mb Free Space | 22.75% Space Free | Partition Type: FAT

Computer Name: UNC-L3A8368 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 16:44:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/15 02:22:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe

PRC - [2008/08/14 14:31:02 | 000,102,400 | ---- | M] () -- C:\Windows\System32\ADMonitor.exe

PRC - [2008/07/31 04:01:00 | 000,060,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2008/07/28 13:33:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2008/06/08 14:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE

PRC - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

PRC - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

PRC - [2008/05/08 20:47:36 | 000,509,440 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

PRC - [2008/04/25 03:38:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2008/03/26 21:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2008/03/23 21:15:04 | 000,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2008/01/20 22:23:08 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe

PRC - [2007/03/13 09:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

PRC - [2007/02/28 19:38:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbucoms.exe

PRC - [2007/02/09 16:00:54 | 000,262,144 | ---- | M] (LITE-ON TECHNOLOGY CORP.) -- C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe

PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2008/07/28 13:33:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL

MOD - [2008/05/08 20:52:44 | 000,040,960 | ---- | M] () -- C:\Program Files\OpenAFS\Client\Program\afs_shl_ext_1033.dll

MOD - [2007/06/18 16:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)

SRV - [2012/02/10 17:50:36 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008/10/12 10:26:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/15 02:22:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)

SRV - [2008/08/14 14:31:02 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)

SRV - [2008/07/28 13:33:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)

SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®

SRV - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2008/05/28 14:15:18 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)

SRV - [2008/05/24 15:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/05/08 20:47:36 | 000,509,440 | ---- | M] (OpenAFS Project) [Auto | Running] -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe -- (TransarcAFSDaemon)

SRV - [2008/03/26 21:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2008/01/20 22:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/28 19:38:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbucoms.exe -- (dlbu_device)

SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- -- (PMEM)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)

DRV - [2011/10/14 20:39:50 | 000,293,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)

DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/10/18 05:14:22 | 006,959,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®

DRV - [2010/06/17 04:37:30 | 000,467,072 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009/12/18 12:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)

DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)

DRV - [2009/11/17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2009/09/10 02:17:36 | 000,186,624 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RCUVCMNP.sys -- (5U875UVC)

DRV - [2009/08/14 21:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®

DRV - [2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)

DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008/10/12 08:31:40 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2008/08/22 00:21:28 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/08/22 00:21:28 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2008/08/21 23:18:34 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2008/08/15 02:39:46 | 000,480,640 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2008/07/28 13:33:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2008/06/26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/05/28 14:15:20 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)

DRV - [2008/05/14 16:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2008/05/14 16:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2008/04/09 19:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2008/02/15 05:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2008/01/20 22:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2008/01/20 22:22:59 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/20 22:22:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2008/01/20 22:22:55 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)

DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/02 03:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2006/06/30 22:27:02 | 000,015,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmx_svga.sys -- (vmx_svga)

DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)

DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-943858465-1166881987-3745741496-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu

IE - HKU\S-1-5-21-943858465-1166881987-3745741496-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\UNC Support\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/18 08:44:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/12 13:41:59 | 000,000,000 | ---D | M]

[2012/03/06 23:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/27 11:56:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[2011/07/07 07:54:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/08/23 09:59:27 | 000,175,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

[2011/07/07 07:54:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/24 17:59:55 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

Hosts file not found

O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()

O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [sKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe (LITE-ON TECHNOLOGY CORP.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0

O7 - HKU\S-1-5-21-943858465-1166881987-3745741496-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-943858465-1166881987-3745741496-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://gateway.tucsonortho.com/XTSAC.cab (XTSAC Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nccn.webex.com/client/T27LB/event/ieatgpc1.cab (GpcContainer Class)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AfsLogon: DllName - (C:\Program Files\OpenAFS\Client\Program\afslogon.dll) - C:\Program Files\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project)

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)

O24 - Desktop WallPaper: C:\Program Files\UNC\wallpaper3_1024x768.jpg

O24 - Desktop BackupWallPaper: C:\Program Files\UNC\wallpaper3_1024x768.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 16:54:30 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

[2012/03/11 16:11:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com

[2012/03/11 15:57:07 | 000,000,000 | --SD | C] -- C:\Combo-Fix4490C

[2012/03/11 15:47:03 | 000,000,000 | --SD | C] -- C:\Combo-Fix19742C

[2012/03/11 15:13:47 | 000,000,000 | --SD | C] -- C:\Combo-Fix26754C

[2012/03/11 13:33:15 | 000,000,000 | --SD | C] -- C:\Combo-Fix19626C

[2012/03/11 13:16:58 | 000,000,000 | --SD | C] -- C:\Combo-Fix10075C

[2012/03/11 13:04:29 | 000,000,000 | --SD | C] -- C:\Combo-Fix16208C

[2012/03/11 12:53:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple

[2012/03/11 12:46:54 | 000,000,000 | --SD | C] -- C:\Combo-Fix549C

[2012/03/11 12:33:19 | 000,000,000 | --SD | C] -- C:\Combo-Fix32339C

[2012/03/11 12:27:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe

[2012/03/11 12:27:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer

[2012/03/10 16:31:41 | 000,000,000 | --SD | C] -- C:\Combo-Fix6550C

[2012/03/10 16:31:12 | 004,432,490 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\Combo-Fix.exe

[2012/03/10 15:26:13 | 000,000,000 | --SD | C] -- C:\Combo-Fix

[2012/03/10 14:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/03/10 14:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/03/09 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/09 17:47:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/03/09 17:47:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/03/09 17:47:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/03/09 17:47:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/03/09 17:46:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/03/09 17:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Registry Cleaner

[2012/03/09 16:48:16 | 000,000,000 | ---D | C] -- C:\FRST

[2012/03/08 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/03/08 08:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/03/07 21:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/03/07 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2012/03/07 10:14:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2012/03/07 08:00:27 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2012/03/07 07:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2012/03/07 00:48:09 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2012/03/07 00:48:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll

[2012/03/07 00:48:06 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll

[2012/03/07 00:46:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll

[2012/03/07 00:46:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe

[2012/03/07 00:46:11 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll

[2012/03/07 00:46:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll

[2012/03/07 00:46:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll

[2012/03/07 00:46:08 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll

[2012/03/07 00:46:08 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2012/03/07 00:46:08 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll

[2012/03/07 00:46:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2012/03/07 00:46:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2012/03/07 00:46:07 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll

[2012/03/07 00:46:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll

[2012/03/07 00:35:32 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll

[2012/03/06 23:43:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2012/03/06 23:43:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2012/03/06 23:43:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2012/03/06 23:43:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2012/03/06 23:43:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2012/03/06 23:43:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2012/03/06 23:43:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2012/03/06 23:43:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2012/03/06 23:43:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2012/03/06 23:43:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2012/03/06 23:43:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2012/03/06 23:43:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2012/03/06 23:43:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2012/03/06 23:43:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2012/03/06 23:43:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2012/03/06 23:43:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2012/03/06 23:37:32 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2012/03/06 23:37:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2012/03/06 23:37:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2012/03/06 23:37:30 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2012/03/06 23:37:29 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2012/03/06 23:37:29 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2012/03/06 23:37:28 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2012/03/06 23:37:28 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2012/03/06 23:37:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2012/03/06 23:37:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2012/03/06 23:36:56 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2012/03/06 23:36:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2012/03/06 23:36:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2012/03/06 23:36:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012/03/06 23:36:31 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2012/03/06 23:36:18 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2012/03/06 23:27:44 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2012/03/06 22:35:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0

[2012/03/06 22:35:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2012/03/06 13:20:17 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2012/03/06 12:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F1703D82B4D01481C64570F1C55

[2012/03/06 12:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings

[2012/02/16 17:12:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/02/16 17:12:27 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/02/16 17:12:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/02/16 17:12:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/02/16 17:12:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/02/16 17:12:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/02/16 09:39:04 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/11 16:56:29 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/11 16:45:10 | 000,603,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/03/11 16:45:10 | 000,103,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/03/11 16:44:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

[2012/03/11 16:30:00 | 000,001,024 | ---- | M] () -- C:\Users\Administrator\.rnd

[2012/03/11 16:28:34 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

[2012/03/11 16:28:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/11 16:28:07 | 000,003,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/11 16:28:07 | 000,003,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/11 16:27:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/11 15:54:08 | 003,813,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/03/11 13:41:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/03/11 12:27:30 | 000,000,446 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol

[2012/03/11 12:18:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-943858465-1166881987-3745741496-1000UA.job

[2012/03/10 16:30:23 | 000,004,234 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120310_153017.reg

[2012/03/10 16:23:54 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\Combo-Fix.exe

[2012/03/10 15:23:04 | 000,370,124 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120310_142246.reg

[2012/03/10 14:45:00 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/03/09 17:51:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com

[2012/03/09 15:18:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-943858465-1166881987-3745741496-1000Core.job

[2012/03/09 13:59:58 | 000,003,613 | ---- | M] () -- C:\WirelessDiagLog.csv

[2012/03/08 21:00:30 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/03/08 18:00:48 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/03/08 12:32:37 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/03/07 08:03:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2012/03/07 08:02:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/03/07 07:53:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2012/03/07 07:53:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012/03/06 22:33:12 | 004,718,592 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2012/03/06 22:33:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2012/03/06 22:33:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2012/03/06 22:20:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/11 12:27:30 | 000,000,446 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol

[2012/03/10 16:30:20 | 000,004,234 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120310_153017.reg

[2012/03/10 15:22:53 | 000,370,124 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120310_142246.reg

[2012/03/10 14:45:00 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/03/09 17:47:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/03/09 17:47:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/03/09 17:47:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/03/09 17:47:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/03/09 17:47:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/03/08 15:09:14 | 000,003,613 | ---- | C] () -- C:\WirelessDiagLog.csv

[2012/03/08 12:36:03 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/03/07 08:03:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2012/03/07 08:02:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/03/07 08:00:41 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf

[2012/03/07 07:53:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2012/03/07 07:53:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012/03/06 23:43:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2012/03/06 23:43:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2012/03/06 23:43:16 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2012/03/06 22:32:13 | 004,718,592 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2012/03/06 22:32:13 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2012/03/06 22:32:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2012/03/06 13:09:52 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/04/20 17:56:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


I see that I did not have the Extra box checked; here is the extra log:

OTL Extras logfile created on: 3/11/2012 5:13:08 PM - Run 3

OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Administrator\Desktop

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 59.59% Memory free

5.13 Gb Paging File | 4.04 Gb Available in Paging File | 78.68% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 93.16 Gb Total Space | 19.45 Gb Free Space | 20.87% Space Free | Partition Type: NTFS

Drive D: | 129.95 Gb Total Space | 110.05 Gb Free Space | 84.69% Space Free | Partition Type: NTFS

Computer Name: UNC-L3A8368 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallDisableNotify" = 0

"FirewallOverride" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-943858465-1166881987-3745741496-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05EDF0DF-E44F-49E2-925B-BEB35D33739E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1A310A9F-C7E4-497D-B11F-725174C24D8B}" = lport=49184 | protocol=6 | dir=in | name=akamai netsession interface |

"{2B8C8AF6-504E-493C-B499-B07961E688FF}" = lport=139 | protocol=6 | dir=in | app=system |

"{38B713DF-FA54-4BF2-A7BC-90CAB2940D04}" = rport=137 | protocol=17 | dir=out | app=system |

"{4EEC0614-5648-4DA3-8681-DFAB62405F16}" = lport=7001 | protocol=17 | dir=in | name=afs cachemanager callback (udp) |

"{51BDF62E-5EC2-4FD3-8675-C2C3A6FFAB63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{58803614-1DFB-4DFC-948E-738DD438A5A7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{60E2E6D4-1B1B-4B65-A844-7761556F48C8}" = lport=7001 | protocol=6 | dir=in | name=afs cachemanager callback (tcp) |

"{7A90FAFD-1FB8-4F9B-B6E4-09E1CCB557DD}" = lport=445 | protocol=6 | dir=in | app=system |

"{81111B50-2491-4949-9FB3-73A17386A75A}" = rport=139 | protocol=6 | dir=out | app=system |

"{84090BC8-34F9-4798-8D0B-A36579C828F2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{A62E599A-568D-4C07-B0A2-0B8DC0249119}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B4CA4685-0D06-4D96-98BC-4666EA322948}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B686F6CA-B858-40E1-9076-7F477AD90AFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BA89E7A2-03CD-436E-8ECB-3BE36935B434}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{BB0822B9-A518-4588-8C54-83DB9CBB625B}" = lport=138 | protocol=17 | dir=in | app=system |

"{BF875C0E-B717-4FDA-9CEC-A4EF2A8E9219}" = lport=137 | protocol=17 | dir=in | app=system |

"{C1892039-D3B0-4B20-98DF-3C9B6FE23E69}" = rport=138 | protocol=17 | dir=out | app=system |

"{C3E910F6-92EC-4EBD-B33D-A760BBB07205}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C4B6AF94-3C27-42FF-B740-84DB46DBECFA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{C4F257EB-2DC9-4E52-838A-D5BAEE2A11A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D264E15F-9DA3-4DD5-8710-8A4811F647AC}" = rport=10243 | protocol=6 | dir=out | app=system |

"{D28AE4E4-C8DF-4672-8267-70564F3A44AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D3846D6A-9B34-4A0F-8FD2-64C5E2C6C5A3}" = rport=445 | protocol=6 | dir=out | app=system |

"{DBB5D7A9-EAA7-4874-B948-B8C773F756B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DE4D6701-3F5F-4FFA-9E9E-7CF6A7EF41BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{E076C182-1DF4-41E4-98AF-05738DCC9AD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E1C50404-CD7C-4573-AE1E-C52D5CF5E857}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F3204C40-F1D8-4483-A9FB-2A96AF056A65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F7C8D4B8-FE05-4B28-95AF-FF4B7ADAFC27}" = lport=2967 | protocol=6 | dir=in | name=symantec antivirus managed client (2967:tcp) |

"{FCCF25F7-E64C-49DB-B68B-E9B524148C4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FDCEA647-9353-4EC8-BD62-57B9BE3EEDBE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00BC2AE1-6AC4-4F24-A773-FB646A3F61C0}" = protocol=58 | dir=out | name=core networking - time exceeded (icmpv6-out) |

"{092990BA-3AD5-4721-AABB-C372F0E74500}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{0C338F4F-512F-45AA-88FC-8E7A33E081AB}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\roaming\spotify\spotify.exe |

"{10685058-4ABB-4B99-BDDD-F99FACB69D52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1BDC7ADF-89FE-4D71-A2FE-CB08A65E4D7E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1C93FBFF-1302-46FE-B387-06E5DC3AF8B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1D7E9D2B-84D0-41F7-AD4C-3239EF5E44E3}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\roaming\spotify\spotify.exe |

"{25A75C48-7184-414D-9FAC-5E7AEAC780F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-26079 |

"{2CDCBDFE-70D3-4556-BA06-88A502863CF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{38D6B939-CF05-4D79-BDA0-6801F471BCDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3B63C70B-CED4-42A3-96CD-17A72CC52BD2}" = protocol=58 | dir=out | name=core networking - parameter problem (icmpv6-out) |

"{422756A5-5CD5-4567-B239-F2EB805C8C22}" = protocol=58 | dir=in | name=@firewallapi.dll,-26078 |

"{43282351-628D-40E5-AD38-7E4BF304B30F}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{4B976A8C-584D-4269-AEBD-FB6F23BF8EC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{4BFA93FB-ECBF-4450-9DF6-005689251711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5019479C-3E75-435A-9471-6D89BB8B64F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-26043 |

"{55C4C8E7-3F00-4D85-9B36-CCA136928A56}" = protocol=1 | dir=out | name=@firewallapi.dll,-26009 |

"{55ED62BD-2BE4-4E8C-A2E2-2C3D4F8F9432}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{66EAB485-E9BA-4CDF-BBAB-C0A5E3CE286A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{6BE2F405-6DD0-47E8-84BE-80BDAB9A9A92}" = protocol=1 | dir=out | name=@firewallapi.dll,-26058 |

"{6E120B79-41CA-4380-B24B-C031DC729AAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{6E3EDF23-E3FC-42D0-A7B6-99326BDB3693}" = protocol=6 | dir=in | app=c:\windows\system32\dlbucoms.exe |

"{73968552-673A-4A57-B1C7-CA9E3F18927A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{78C4AEFA-0CFD-4E63-AC53-5248B1D1752A}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{7C6A236D-E2FF-4B6D-A2D0-42FC6AB95AAF}" = protocol=17 | dir=in | app=c:\windows\system32\dlbucoms.exe |

"{85FB45D3-C2B1-427E-86EB-AF5490A33F99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{87776A88-1A42-4A20-B7E9-1505335DF5F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{899D3530-5138-40E6-9DEF-BACD427B9CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{907FE3F0-5DE9-4213-90E2-7B9456113A80}" = protocol=1 | dir=in | name=@firewallapi.dll,-26137 |

"{92D50D4D-F935-44BD-8A37-3351F0F086CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9A372ABA-360F-4D1E-972F-F085E15C1FED}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\local\akamai\netsession_win.exe |

"{9B0E6228-BF39-45D1-A252-18753A9191CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A0B4695B-1D77-4A81-8BFE-2C442A8E629C}" = protocol=6 | dir=out | app=system |

"{A81A81C6-39CE-4F48-B233-520E20720482}" = protocol=1 | dir=in | name=@firewallapi.dll,-26022 |

"{A9D6F93B-AB57-475C-B7DD-6F9BE862A759}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{AE2CB1F5-6D2E-4DE9-BEF8-82479E3EF0BE}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{B93E28D7-28C5-4F1E-A331-0A89DBDD3AFD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{BCCC2E3F-6CBA-4022-97E5-596D9334CD2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-26023 |

"{CB55DC56-5EBA-49DA-8774-67BA8A5AA646}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 |

"{CE82F308-3F19-488A-82EF-B9B50F4CC618}" = protocol=17 | dir=in | app=c:\users\unc support\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{D197B070-F556-4A38-9A2B-C34C9FA6FF68}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D7D61832-35A3-48A1-80F1-ED6EA33FC37D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D82B2357-FD07-4E3D-B2B1-5B9750E45A7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-26134 |

"{DC28DAB0-FF02-457D-B3DB-53600D9C0278}" = protocol=58 | dir=out | name=@firewallapi.dll,-25111 |

"{DDFB66FA-99EB-487D-B0CB-E31D4A5C691B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DE56677B-98E7-4206-96F3-26939AD6075F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{DE71BA1B-127A-40E9-8565-7FE039151EFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{DF2AFD45-BA2C-4AF5-99B0-BA8F7F59C561}" = protocol=1 | dir=out | name=@firewallapi.dll,-26037 |

"{E0B0FBB8-BF1D-4E53-92B3-29621611655A}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 |

"{E5A1830C-BC63-4C99-9ED3-182065B4B12A}" = protocol=6 | dir=in | app=c:\users\unc support\appdata\local\akamai\netsession_win.exe |

"{EB884874-7666-4F12-8838-0E465C022EFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{ECC11AE3-6244-40A1-BD19-164416995BCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F30EE737-6E72-4081-B990-2A748EAF486C}" = protocol=1 | dir=out | name=@firewallapi.dll,-26016 |

"TCP Query User{0CF950F9-0B7C-47F1-8107-08865C199C5E}C:\program files\starnet\x-win32 2011\esd.exe" = protocol=6 | dir=in | app=c:\program files\starnet\x-win32 2011\esd.exe |

"TCP Query User{634525BE-26A4-476D-88A0-59D8DE8E08A3}C:\program files\sas\sasfoundation\9.2\sas.exe" = protocol=6 | dir=in | app=c:\program files\sas\sasfoundation\9.2\sas.exe |

"TCP Query User{9683188F-46EB-41E1-B42B-61545D06637F}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |

"TCP Query User{D7F9E301-AAE2-4815-98A7-62975DF85850}C:\program files\starnet\x-win32 2011\xwin32.exe" = protocol=6 | dir=in | app=c:\program files\starnet\x-win32 2011\xwin32.exe |

"TCP Query User{F9F03825-FA04-47FF-9EEE-F42FC239B70E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |

"UDP Query User{03BAC0A8-1606-4238-80E7-132D362B6E47}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |

"UDP Query User{1EE6E9B5-8CFE-4CEA-A50D-A6F64B7E180B}C:\program files\starnet\x-win32 2011\xwin32.exe" = protocol=17 | dir=in | app=c:\program files\starnet\x-win32 2011\xwin32.exe |

"UDP Query User{877D5CDD-2AF3-4DD4-B2F8-4CABFC5731F9}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |

"UDP Query User{8C4873D0-9858-4D63-B0C9-B4B13E737DC7}C:\program files\starnet\x-win32 2011\esd.exe" = protocol=17 | dir=in | app=c:\program files\starnet\x-win32 2011\esd.exe |

"UDP Query User{FAE918A4-F08E-4F15-BBF6-E562AB48DE2E}C:\program files\sas\sasfoundation\9.2\sas.exe" = protocol=17 | dir=in | app=c:\program files\sas\sasfoundation\9.2\sas.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0003BC6C-355A-DDCF-56D2-4C826A371237}" = ccc-core-static

"{026746B0-B68C-498E-9174-906F0DB9A66E}" = X-Win32 2011

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility

"{1351F191-3629-64FF-44C4-08510DC2A8C9}" = CCC Help Korean

"{156DCF5B-BC94-66ED-9A19-C8F00D1D35D4}" = Catalyst Control Center Localization Portuguese

"{169EC721-66BD-5CF8-3876-9E50E42B9B52}" = PX Profile Update

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{1DB58ADA-A8B6-31E5-DEED-38664AA764CE}" = CCC Help Swedish

"{20CD28E9-293F-4C27-9905-FA1991A00F8F}" = Lenovo Fingerprint Software

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility

"{21D19A30-31FB-0B59-31A2-006D3E82FF5C}" = CCC Help German

"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{2E355C9C-8860-0D7A-6FB4-1F02A655AF1B}" = CCC Help Italian

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc

"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{344DEEDF-D169-4DE0-A285-E66850E9585A}" = VitalSource Bookshelf

"{34E264CD-CEF9-1E2A-2B1F-C71AE2D4479D}" = Catalyst Control Center Localization German

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN

"{373B3836-1B22-9A5A-6162-3224B6E60B89}" = Catalyst Control Center Graphics Full Existing

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E876EF6-3E12-FA91-012E-812D38030A44}" = Catalyst Control Center InstallProxy

"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{4269577A-ECD6-3EFA-945B-4979AE4630D2}" = Catalyst Control Center Localization Italian

"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista

"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" = Oracle Calendar

"{5317612E-3294-CE6E-C7B0-9808627BB7D5}" = Catalyst Control Center Localization Chinese Standard

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = Integrated Camera Driver Installer Package Ver.1.23.500.0

"{5BDC87AE-3181-BFDE-AE76-8D6152D8FE8C}" = CCC Help Portuguese

"{5BFDB365-AB82-9989-A06B-B93B287B1F35}" = CCC Help Dutch

"{6238EF3B-48E2-06B8-916E-D07ED79A3BE2}" = Catalyst Control Center Graphics Previews Vista

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10

"{64211D43-D195-413C-A7E7-666C10B53E1F}" = Ericsson Wireless Module Core

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center

"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{777E4A84-AC43-3F07-9534-114F3356AAF3}" = Catalyst Control Center Localization Korean

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{793510E7-98E3-2113-DAB5-ED244DF365CF}" = Catalyst Control Center Localization Spanish

"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com

"{83EB2646-B79F-D31C-C961-D26B10C05185}" = CCC Help French

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{875E7F75-8119-DE1A-E327-684BCD710FD1}" = Catalyst Control Center Localization Dutch

"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DCD7536-93EF-2282-3CD2-05FC1F39FCEB}" = CCC Help Chinese Traditional

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{B59631B3-CC18-4849-AABF-DE41AB76D625}" =

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{93C8BDB1-2BD3-694B-725C-486C027F3144}" = CCC Help Japanese

"{94BFB7AD-EE7B-9A93-3C37-E881EDE0BA6E}" = Catalyst Control Center Localization Japanese

"{956A4FEB-D69B-6334-A4EE-DB16334E6D50}" = Skins

"{989DC5D9-A776-430D-9E16-D36E5B81CD86}" = USB Enhanced Performance Keyboard Software

"{9B81FE1C-E79A-1627-BCB0-946D951CBB36}" = Catalyst Control Center Core Implementation

"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer

"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding

"{A14CDDB0-B238-B74E-C8E3-BF6F65792D75}" = CCC Help Chinese Standard

"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library

"{A59EBED3-A75D-5516-9A7B-8D9077642C32}" = Catalyst Control Center Localization French

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers

"{AC6A0FD9-0BCA-034A-F153-A66B795B2854}" = ATI Catalyst Install Manager

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel® PROSet/Wireless WiFi Software

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{C25BAC9C-5559-A160-52E3-A8CF95CD87CF}" = CCC Help Spanish

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader

"{C9B97D35-69CF-4F96-69D5-29ADB78335D3}" = Catalyst Control Center Localization Swedish

"{CAABE288-14DA-F6B6-9F0D-BD51E81C65CF}" = ccc-utility

"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1BF3916-EE21-8C87-3C46-C981BB67D4F5}" = Catalyst Control Center Graphics Full New

"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DB97FEB4-5814-4938-94F0-EEB00D617BA8}" = OpenAFS for Windows

"{DD4E816C-BAC8-801C-6BAA-4724D886741C}" = Catalyst Control Center Graphics Light

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F61F08C1-44F6-A637-83A6-F6FC3733F586}" = Catalyst Control Center Localization Chinese Traditional

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2

"{FC7BB79A-DC14-A4F2-9B2D-F57BAE868AD4}" = CCC Help English

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"7B99AFC70F5AE68199F67385AEF7E294D24B30D9" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (08/08/2008 8.1.2.10)

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Akamai" = Akamai NetSession Interface Service

"ATI Uninstaller" = ATI Uninstaller

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD

"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader

"d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3

"doPDF 6 printer_is1" = doPDF 6.1 printer

"e7b5d423e2fcc19f6c91a3c2b5238c8a" = SAS Private JRE (J2SE Java Runtime Environment 1.4.1)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2

"Google Chrome" = Google Chrome

"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library

"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper

"LENOVO.SMIIF" = Lenovo System Interface Driver

"MESOL" = Intel® Active Management Technology

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers

"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)

"Mulberry" = Mulberry

"OnScreenDisplay" = On Screen Display

"Picasa 3" = Picasa 3

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"Write-N-Cite" = Write-N-Cite

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


I can connect through wireless now, but still have issues with not being able to turn Windows Firewall back on.

When I go through Windows Firewall, Update settings, now I get "Windows Firewall was unable to make the requested updates."

On Control Panel/Security I get "Windows cannot start the firewall service."

I am staying disconnected on that computer for the time being just to be safe...


Let's have a look at some settings; likely a security center related service has been deleted and needs to be restored.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Link to post
Share on other sites

Farbar Service Scanner Version: 01-03-2012

Ran by Administrator (administrator) on 12-03-2012 at 07:27:35

Running from "C:\Users\Administrator\Desktop"

Microsoft® Windows Vista™ Enterprise Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2011-11-09 10:16] - [2011-09-20 17:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Link to post
Share on other sites

This is what I get now with FSS

Farbar Service Scanner Version: 01-03-2012

Ran by Administrator (administrator) on 12-03-2012 at 09:30:28

Running from "C:\Users\Administrator\Desktop"

Microsoft® Windows Vista™ Enterprise Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2011-11-09 10:16] - [2011-09-20 17:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

When I restart windows I get the following message:

Windows failed to start. A recent hardware or software change might be the cause....

These are the only issues that I have noticed so far when I log in:

Power Manager has stopped working

Lenovo Fingerprint has stopped working

Catalyst Control Center: Monitoring program has stopped working

CameraApplicationLaunchPadLauncher has stopped working

Also, my other computer (via Symantec) picked up that the initial Combofix download I had on my flash drive was infected by a Trojan. That may have been why the Combofix wasn't working for me initially?

Link to post
Share on other sites

This topic is now closed to further replies.