# Infected with System Check!



## Jodee (Apr 11, 2007)

Hi there

I was watching a YouTube video yesterday and it seems I got infected with the System Check malware.
I scanned my laptop (Windows 7) with Malwarebytes and it removed 4 items however I'm still infected.

See enclosed for requested logs plus the malwarebytes log.

I scanned my laptop with GMER as per the instructions but at the end I couldn't find the SAVE button. I clicked on OK and it closed. *sighs*

Any chance I can retrieve that log from somewhere? It took many hours to complete.

Oh, and I remembered Combifix from a previous infection so I scanned my system with that. Maybe I should have waited for you but...I did it anyway. :/ Log attached.

Anyhow, I look forward to hearing from somebody.

Thanks!

Jodee


----------



## Jodee (Apr 11, 2007)

still no luck. Looking forward to your assistance. Thanks.


----------



## Jodee (Apr 11, 2007)

Hello! Here are my logs as requested:

*
HIJACK THIS*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:37:57 PM, on 29/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\DSE\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 11312 bytes

*
DDS*

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by DSE at 12:16:11 on 2012-03-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1899 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Akamai NetSession Interface] "c:\users\dse\appdata\local\akamai\netsession_win.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Classic Start Menu] "c:\program files\classic shell\ClassicStartMenu.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [kOVWhuUpjWR.exe] c:\programdata\kOVWhuUpjWR.exe
StartupFolder: c:\progra~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\visio\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{3B13E466-41C8-4710-A85E-6786D4AEBA43} : DhcpNameServer = 24.200.241.37 24.201.245.77 96.22.246.145
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E} : DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\2454C4C4837303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\4363335307162736 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\44A475 : DhcpNameServer = 24.200.241.37 24.201.245.77
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\4596465637245616368634C65726 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\461647166716C65647 : DhcpNameServer = 10.255.1.1
TCP: Interfaces\{AE287D13-B197-499A-BA0A-E15F409FC6BC} : DhcpNameServer = 10.73.176.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dse\appdata\roaming\mozilla\firefox\profiles\efv5jupl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dse\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\dse\appdata\roaming\mozilla\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-8-22 225408]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-12-26 88832]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-8-1 13680]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-26 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-9-1 1692920]
S2 BackupService;BackupService;c:\users\dse\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2010-9-3 83512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-9-1 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-1 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-10-5 93032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-1-4 94880]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-1 130920]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-1 64952]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-12-26 72320]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-9-1 106496]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-26 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-26 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 485376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-26 29472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-12-26 5946368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-6-27 22640]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-26 75040]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-6-27 45608]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2010-1-29 16680]
.
=============== Created Last 30 ================
.
2012-03-28 20:34:06	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-03-28 20:32:56	--------	d--h--w-	c:\windows\system32\Settings
2012-03-28 20:21:46	--------	d-----w-	c:\users\dse\appdata\local\temp
2012-03-28 20:08:44	--------	d-----w-	C:\poool
2012-03-28 18:31:12	362496	---ha-w-	c:\programdata\cfcu6obeV8lFRJ.exe
2012-03-28 18:28:34	457728	---ha-w-	c:\programdata\kOVWhuUpjWR.exe
2012-03-22 18:37:59	--------	d-----w-	c:\windows\system32\??????
2012-03-21 17:34:43	--------	d-----w-	c:\program files\iTunes
2012-03-21 17:34:43	--------	d-----w-	c:\program files\iPod
2012-03-19 02:12:00	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 02:12:00	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-14 18:12:08	--------	d-----w-	c:\users\dse\appdata\local\HP
2012-03-14 18:11:51	--------	d-----w-	c:\windows\Hewlett-Packard
2012-03-14 18:07:33	--------	d-----w-	c:\users\dse\appdata\roaming\HpUpdate
2012-03-14 18:05:44	--------	d-----w-	c:\program files\common files\HP
2012-03-14 18:05:43	--------	d-----w-	c:\program files\common files\Hewlett-Packard
2012-03-14 17:59:26	--------	d-----w-	c:\program files\HP
2012-03-08 05:04:54	--------	d-----w-	c:\program files\Phoenix Viewer
.
==================== Find3M ====================
.
2012-02-22 15:01:01	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:01:50	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01:50	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-01-25 00:00:48	187904	----a-w-	c:\windows\system32\drivers\netbt.sys
.
============= FINISH: 12:17:51.81 ===============

*ATTACH log*

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 31/12/2009 12:03:43 PM
System Uptime: 29/03/2012 12:08:15 PM (0 hours ago)
.
Motherboard: LENOVO | | 4058CTO
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | None | 2793/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 166 GiB total, 50.687 GiB free.
D: is FIXED (NTFS) - 121 GiB total, 48.65 GiB free.
H: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 3.048 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2605dn
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2605dn
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
==== System Restore Points ===================
.
RP636: 04/03/2012 1:51:34 AM - Revo Uninstaller's restore point - Phoenix Viewer 1.5.2.1102
RP637: 14/03/2012 1:59:43 PM - Device Driver Package Install: Hewlett-Packard Imaging devices
RP638: 14/03/2012 2:00:32 PM - Device Driver Package Install: HP Printers
RP639: 14/03/2012 2:00:54 PM - Device Driver Package Install: Hewlett-Packard IEEE 1284.4 compatible printer
RP640: 14/03/2012 2:01:24 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP641: 21/03/2012 1:29:41 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP643: 21/03/2012 3:24:47 PM - Revo Uninstaller's restore point - Bing Bar
RP645: 21/03/2012 3:30:47 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP647: 21/03/2012 3:31:54 PM - Revo Uninstaller's restore point - NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
RP648: 21/03/2012 3:32:05 PM - Removed NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3DVIA player 5.0
7-Zip 9.10 beta
8500A909_eDocs
ABBYY FineReader 8.0 Professional Edition
Access Help
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS3 Icon Handler
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Uninstaller
µTorrent
BlackWidow version 6.10
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CCleaner
Classic Shell
Client Security - Password Manager
Conexant 20561 SmartAudio HD
Connect
Core Temp version 0.99.8
Create Recovery Media
D3DX10
Destinations
DeviceDiscovery
DirectX 9 Runtime
DocMgr
DocProc
Dropbox
Facebook Plug-In
Fax
FileZilla Client 3.5.0
Firestorm-Release (remove only)
Font Fitting Room Deluxe
Google Update Helper
GoToMeeting 4.5.0.457
GPBaseService2
Hex Color Finder
HiJackThis
Hotspot Shield 2.24
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet Pro 8500 A909 Series
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
iCloud
Integrated Camera Driver Installer Package Ver.1.27.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD 8
IsoBuster 2.7
iTunes
Java Auto Updater
Java(TM) 6 Update 30
kuler
Lenovo Auto Scroll Utility
Lenovo Fingerprint Software
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome
Magic ISO Maker v5.5 (build 0276)
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
McAfee SiteAdvisor
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft IntelliType Pro 8.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Reader
Microsoft Research AutoCollage Touch 2009
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mobile Broadband Connect
Mozilla Firefox 11.0 (x86 en-US)
MPM
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFonts Order M2709896
MySQL Connector/ODBC 3.51
Network
NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
OCR Software by I.R.I.S. 14.0
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
On Screen Display
PDF Settings CS4
Phoenix Viewer 1.6.0.1600
Photoshop Camera Raw
Pixel Bender Toolkit
PractiCount and Invoice 3.2 (Standard)
PX Profile Update
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Revo Uninstaller 1.85
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Scan
SDL TRADOS 7 Freelance
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Simply Accounting by Sage 2009
Skype 5.8
SmartWebPrinting
Snagit 9.1
SolutionCenter
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Status
Suite Shared Configuration CS4
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
TK8 StickyNotes 3.4
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VLC media player 1.1.11
WeatherEye
WebEx
WebReg
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
29/03/2012 12:10:42 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/03/2012 12:10:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
29/03/2012 12:09:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/03/2012 12:09:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/03/2012 12:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/03/2012 12:08:59 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
29/03/2012 12:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/03/2012 12:08:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache lenovo.smi spldr TPPWRIF Wanarpv6
29/03/2012 12:08:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
29/03/2012 12:08:41 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
29/03/2012 12:08:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
29/03/2012 12:08:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/03/2012 12:08:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 4:47:11 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
28/03/2012 4:38:17 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
28/03/2012 4:34:48 PM, Error: Service Control Manager [7022] - The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.
28/03/2012 4:32:45 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
28/03/2012 4:32:13 PM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter
28/03/2012 4:32:13 PM, Error: amdkmdag [43029] - Display is not active
28/03/2012 4:20:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS + Programs.
28/03/2012 4:17:59 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
28/03/2012 4:08:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
28/03/2012 4:03:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
28/03/2012 3:53:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache lenovo.smi spldr ssmdrv TPPWRIF Wanarpv6
28/03/2012 3:53:46 PM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
28/03/2012 3:48:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
28/03/2012 2:52:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
28/03/2012 2:50:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
28/03/2012 2:50:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC discache lenovo.smi NetBIOS nsiproxy Psched rdbss spldr ssmdrv tdx TPPWRIF vwififlt Wanarpv6 WfpLwf
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
28/03/2012 2:50:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28/03/2012 2:44:56 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
27/03/2012 5:22:49 PM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.
25/03/2012 5:10:41 AM, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
24/03/2012 2:52:26 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
24/03/2012 2:13:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
22/03/2012 9:44:01 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================

*Combofix log*

ComboFix 12-03-28.02 - DSE 28/03/2012 16:10:21.6.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1892 [GMT -4:00]
Running from: c:\users\DSE\Downloads\poool.com
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\programdata\~cfcu6obeV8lFRJ
c:\programdata\~cfcu6obeV8lFRJr
c:\programdata\cfcu6obeV8lFRJ
c:\users\DSE\AppData\Roaming\Microsoft\AddIns\PDFMOfficeAddIn.DEU
c:\users\DSE\AppData\Roaming\Microsoft\AddIns\PDFMOfficeAddin.dll
c:\users\DSE\AppData\Roaming\Microsoft\AddIns\PDFMOfficeAddIn.FRA
c:\users\DSE\AppData\Roaming\Microsoft\AddIns\PDFMWord.dll
c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\DSE\Desktop\System Check.lnk
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 20:21 . 2012-03-28 20:34	--------	d-----w-	c:\users\DSE\AppData\Local\temp
2012-03-28 20:21 . 2012-03-28 20:21	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-03-28 20:21 . 2012-03-28 20:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-28 18:31 . 2012-03-28 18:31	362496	---ha-w-	c:\programdata\cfcu6obeV8lFRJ.exe
2012-03-28 18:28 . 2012-03-28 18:25	457728	---ha-w-	c:\programdata\kOVWhuUpjWR.exe
2012-03-21 17:34 . 2012-03-21 17:35	--------	d-----w-	c:\program files\iTunes
2012-03-21 17:34 . 2012-03-21 17:34	--------	d-----w-	c:\program files\iPod
2012-03-19 02:12 . 2012-03-19 02:12	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 02:12 . 2012-03-19 02:12	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 18:13 . 2012-03-14 18:13	--------	d-----w-	c:\users\DSE\AppData\Roaming\HP
2012-03-14 18:12 . 2012-03-14 18:12	--------	d-----w-	c:\users\DSE\AppData\Local\HP
2012-03-14 18:11 . 2012-03-14 18:11	--------	d-----w-	c:\windows\Hewlett-Packard
2012-03-14 18:07 . 2012-03-21 18:54	--------	d-----w-	c:\users\DSE\AppData\Roaming\HpUpdate
2012-03-14 18:06 . 2012-03-14 18:06	--------	d--h--w-	c:\programdata\HP Product Assistant
2012-03-14 18:05 . 2012-03-14 18:05	--------	d-----w-	c:\program files\Common Files\HP
2012-03-14 18:05 . 2012-03-14 18:05	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2012-03-14 17:59 . 2012-03-14 18:11	--------	d-----w-	c:\program files\HP
2012-03-14 17:58 . 2012-03-14 18:06	--------	d--h--w-	c:\programdata\HP
2012-03-14 17:34 . 2012-03-22 22:45	--------	d-----w-	c:\users\molly
2012-03-08 05:04 . 2012-03-08 05:06	--------	d-----w-	c:\program files\Phoenix Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 15:01 . 2011-06-16 13:49	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:01 . 2012-02-15 15:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-01-25 00:00 . 2012-01-25 00:00	187904	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-03-19 02:12 . 2011-05-15 16:34	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\DSE\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2009-12-22 86528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"kOVWhuUpjWR.exe"="c:\programdata\kOVWhuUpjWR.exe" [2012-03-28 457728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Bluetooth.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Digital Line Detect.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^EvernoteClipper.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^HP SimpleSave Monitor.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\HP SimpleSave Monitor.lnk
backup=c:\windows\pss\HP SimpleSave Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^RCIMGDIR.exe.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:23	640440	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
2009-10-14 01:33	36864	------w-	c:\program files\Lenovo\Access Connections\AcTBenabler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-04 03:50	40376	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-01-25 14:31	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-09-19 05:00	87336	----a-w-	c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-28 06:09	49976	------w-	c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 20:14	17147528	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-04-23 04:16	1725736	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TK8 StickyNotes]
2011-01-05 18:28	9212720	----a-w-	c:\program files\TK8 StickyNotes\TK8StickyNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
2009-10-27 01:42	718232	------w-	c:\program files\WeatherNetwork\WeatherEye.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-09-01 106496]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-01-25 288112]
R4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-09-01 1692920]
S2 BackupService;BackupService;c:\users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-09-01 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-23 225408]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ HsfXAudioService
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai	REG_MULTI_SZ Akamai
HPService	REG_MULTI_SZ HPSLPSVC
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2012-03-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-03-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ:ßNìî*,+(.+ø.+X-+,+¸++*Û)ÐÚ)*Ú)0Ù)`Ø)×)ÀÖ)ðÕ)H6+]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ:ßNìî*,+(.+ø.+X-+,+¸++*Û)ÐÚ)*Ú)0Ù)`Ø)×)ÀÖ)ðÕ)H6+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2792)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\PrintIsolationHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\programdata\cfcu6obeV8lFRJ.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\attrib.exe
c:\windows\system32\conhost.exe
c:\windows\system32\attrib.exe
c:\windows\system32\conhost.exe
c:\program files\PC-Doctor\pcdrcui.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\attrib.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-03-28 16:45:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 20:45
ComboFix2.txt 2011-12-21 18:41
ComboFix3.txt 2011-12-17 20:31
.
Pre-Run: 52,820,275,200 bytes free
Post-Run: 54,500,274,176 bytes free
.
- - End Of File - - 23512550CA8171CB2A05EAC5567F7376

*MalwareBytes log 1*

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
DSE :: DTHINK [administrator]

28/03/2012 2:56:26 PM
mbam-log-2012-03-28 (14-56-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230244
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*Malwarebytes log 2*

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.06

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
DSE :: DTHINK [limited]

29/03/2012 12:58:06 PM
mbam-log-2012-03-29 (12-58-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234889
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kOVWhuUpjWR.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\kOVWhuUpjWR.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\kOVWhuUpjWR.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
http://forums.techguy.org/virus-other-malware-removal/1047110-infected-system-check.html

Collect::
c:\programdata\cfcu6obeV8lFRJ.exe
c:\programdata\kOVWhuUpjWR.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kOVWhuUpjWR.exe"=-

DDS::
uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*

***Note** *

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.


----------



## Jodee (Apr 11, 2007)

Done. Here is the log:

ComboFix 12-04-01.03 - DSE 02/04/2012 14:20:19.7.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1597 [GMT -4:00]
Running from: c:\users\DSE\Desktop\ComboFix.exe
Command switches used :: c:\users\DSE\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\programdata\cfcu6obeV8lFRJ.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~cfcu6obeV8lFRJ
c:\programdata\~cfcu6obeV8lFRJr
c:\programdata\cfcu6obeV8lFRJ
c:\programdata\cfcu6obeV8lFRJ.exe
c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\DSE\Desktop\System Check.lnk
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 19:19 . 2012-04-02 19:19	--------	d-----w-	C:\microsoft
2012-04-02 19:18 . 2012-04-02 19:18	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-04-02 19:18 . 2012-04-02 19:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-28 20:21 . 2012-04-02 19:21	--------	d-----w-	c:\users\DSE\AppData\Local\temp
2012-03-28 20:08 . 2012-03-28 20:45	--------	d-----w-	C:\poool
2012-03-21 17:34 . 2012-03-21 17:35	--------	d-----w-	c:\program files\iTunes
2012-03-21 17:34 . 2012-03-21 17:34	--------	d-----w-	c:\program files\iPod
2012-03-19 02:12 . 2012-03-19 02:12	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 02:12 . 2012-03-19 02:12	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 18:13 . 2012-03-14 18:13	--------	d-----w-	c:\users\DSE\AppData\Roaming\HP
2012-03-14 18:12 . 2012-03-14 18:12	--------	d-----w-	c:\users\DSE\AppData\Local\HP
2012-03-14 18:11 . 2012-03-14 18:11	--------	d-----w-	c:\windows\Hewlett-Packard
2012-03-14 18:07 . 2012-03-21 18:54	--------	d-----w-	c:\users\DSE\AppData\Roaming\HpUpdate
2012-03-14 18:06 . 2012-03-14 18:06	--------	d--h--w-	c:\programdata\HP Product Assistant
2012-03-14 18:05 . 2012-03-14 18:05	--------	d-----w-	c:\program files\Common Files\HP
2012-03-14 18:05 . 2012-03-14 18:05	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2012-03-14 17:59 . 2012-03-14 18:11	--------	d-----w-	c:\program files\HP
2012-03-14 17:58 . 2012-03-14 18:06	--------	d--h--w-	c:\programdata\HP
2012-03-14 17:34 . 2012-03-22 22:45	--------	d-----w-	c:\users\molly
2012-03-08 05:04 . 2012-03-08 05:06	--------	d-----w-	c:\program files\Phoenix Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 15:01 . 2011-06-16 13:49	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:01 . 2012-02-15 15:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-01-25 00:00 . 2012-01-25 00:00	187904	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-03-19 02:12 . 2011-05-15 16:34	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\DSE\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2009-12-22 86528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Bluetooth.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Digital Line Detect.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^EvernoteClipper.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^HP SimpleSave Monitor.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\HP SimpleSave Monitor.lnk
backup=c:\windows\pss\HP SimpleSave Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^RCIMGDIR.exe.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:23	640440	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
2009-10-14 01:33	36864	------w-	c:\program files\Lenovo\Access Connections\AcTBenabler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-04 03:50	40376	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-01-25 14:31	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-09-19 05:00	87336	----a-w-	c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-28 06:09	49976	------w-	c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 20:14	17147528	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-04-23 04:16	1725736	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TK8 StickyNotes]
2011-01-05 18:28	9212720	----a-w-	c:\program files\TK8 StickyNotes\TK8StickyNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
2009-10-27 01:42	718232	------w-	c:\program files\WeatherNetwork\WeatherEye.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-09-01 106496]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CFcatchme;CFcatchme;c:\users\DSE\AppData\Local\Temp\CFcatchme.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-01-25 288112]
R4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-09-01 1692920]
S2 BackupService;BackupService;c:\users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-09-01 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-23 225408]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ HsfXAudioService
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai	REG_MULTI_SZ Akamai
HPService	REG_MULTI_SZ HPSLPSVC
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2012-03-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-04-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.200.241.37 24.201.245.77 96.22.246.145
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ:ßNìî*€,+(.+ø.+X-+ˆ,+¸++*Û)ÐÚ)*Ú)0Ù)`Ø)×)ÀÖ)ðÕ)H6+]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ:ßNìî*€,+(.+ø.+X-+ˆ,+¸++*Û)ÐÚ)*Ú)0Ù)`Ø)×)ÀÖ)ðÕ)H6+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5748)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\windows\system32\igfxsrvc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\PrintIsolationHost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sppsvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-02 15:28:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 19:28
ComboFix2.txt 2012-03-28 20:45
ComboFix3.txt 2011-12-21 18:41
ComboFix4.txt 2011-12-17 20:31
.
Pre-Run: 54,223,745,024 bytes free
Post-Run: 54,040,969,216 bytes free
.
- - End Of File - - 2D2F3DC37FF6CE22374FB45362225225
Upload was successful


----------



## Cookiegal (Aug 27, 2003)

I meant to ask about this folder:

C:\poool

Is this something you created?

If not can you tell me the names of all (or some if there are too many) of the files it contains?


----------



## Jodee (Apr 11, 2007)

Hi,

Yes, I created that folder.
Thanks


----------



## Cookiegal (Aug 27, 2003)

OK good. I had a feeling that was the case but malware creates various folders as well so I wanted to be sure.

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Jodee (Apr 11, 2007)

OTS scan done and log attached.

Thanks


----------



## Cookiegal (Aug 27, 2003)

I'm sorry for the delay. I'll post back with further instructions shortly.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^EvernoteClipper.lnk -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> SynTPEnh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files - No Company Name]
NY ->  q8ek34q6dk3uce -> C:\Users\DSE\AppData\Local\q8ek34q6dk3uce
NY ->  q8ek34q6dk3uce -> C:\ProgramData\q8ek34q6dk3uce
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## Cookiegal (Aug 27, 2003)

Also, please do this:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:DIR
C:\Windows\System32
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

and lastly,

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
C:\Windows\System32\mzdse.sys
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## Jodee (Apr 11, 2007)

Hmm I seem to have trouble posting here.


----------



## Jodee (Apr 11, 2007)

*OTS Fix log:
*

All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^EvernoteClipper.lnk\ deleted successfully.
File C:\Windows\pss\vernoteClipper.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files - No Company Name]
C:\Users\DSE\AppData\Local\q8ek34q6dk3uce moved successfully.
C:\ProgramData\q8ek34q6dk3uce moved successfully.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DSE
->Temp folder emptied: 155246 bytes
->Temporary Internet Files folder emptied: 43072486 bytes
->Java cache emptied: 1751519 bytes
->FireFox cache emptied: 150827055 bytes
->Flash cache emptied: 1277998 bytes

User: molly
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328057 bytes
->Flash cache emptied: 405 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 188.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DSE
->Flash cache emptied: 0 bytes

User: molly
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DSE
->Java cache emptied: 0 bytes

User: molly

User: Public

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 04032012_141050

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## Jodee (Apr 11, 2007)

*Hijack This Log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:36 PM, on 03/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Users\DSE\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 11921 bytes


----------



## Jodee (Apr 11, 2007)

*
VirusTotal URL:*

https://www.virustotal.com/file/76c...08aa6107bbf3da5e553c417d/analysis/1333477291/


----------



## Jodee (Apr 11, 2007)

I seem to be unable to post the contents of Systemlook here so I've attached the log.

Thank you so much for your assistance.


----------



## Cookiegal (Aug 27, 2003)

It was probably too long to copy/paste.

If you look at the SystemLook text file, in the bottom portion you will see this list of folders:

---Folders---
0409	d------	[04:56 14/07/2009]
Adobe	d------	[17:08 02/03/2010]
AdvancedInstallers	d------	[02:37 14/07/2009]
appmgmt	d------	[18:29 30/12/2009]
ar-SA	d------	[02:37 14/07/2009]
bg-BG	d------	[02:37 14/07/2009]
Boot	d------	[02:37 14/07/2009]
catroot	d------	[02:37 14/07/2009]
catroot2	d------	[02:37 14/07/2009]
CodeIntegrity	d------	[02:37 14/07/2009]
com	d------	[02:37 14/07/2009]
config	d------	[02:37 14/07/2009]
cs-CZ	d------	[02:37 14/07/2009]
da-DK	d------	[02:37 14/07/2009]
de-DE	d------	[02:37 14/07/2009]
directx	d------	[19:06 04/12/2010]
Dism	d------	[02:37 14/07/2009]
drivers	d------	[02:37 14/07/2009]
DriverStore	d------	[02:37 14/07/2009]
DRVSTORE	d----c-	[00:03 16/11/2010]
el-GR	d------	[02:37 14/07/2009]
en	d------	[04:56 14/07/2009]
en-US	d------	[02:37 14/07/2009]
es-ES	d------	[02:37 14/07/2009]
et-EE	d------	[02:37 14/07/2009]
EventProviders	d------	[15:46 08/07/2011]
fi-FI	d------	[02:37 14/07/2009]
fr-FR	d------	[02:37 14/07/2009]
FxsTmp	d------	[04:52 14/07/2009]
GroupPolicy	d------	[02:37 14/07/2009]
GroupPolicyUsers	d------	[02:37 14/07/2009]
he-IL	d------	[02:37 14/07/2009]
hr-HR	d------	[02:37 14/07/2009]
hu-HU	d------	[02:37 14/07/2009]
ias	d------	[02:37 14/07/2009]
icsxml	d------	[02:37 14/07/2009]
IME	d------	[02:37 14/07/2009]
inetsrv	d------	[02:37 14/07/2009]
it-IT	d------	[02:37 14/07/2009]
ja-JP	d------	[02:37 14/07/2009]
ko-KR	d------	[02:37 14/07/2009]
Lang	d------	[11:29 26/12/2009]
LogFiles	d------	[02:37 14/07/2009]
lt-LT	d------	[02:37 14/07/2009]
lv-LV	d------	[02:37 14/07/2009]
Macromed	d------	[11:37 26/12/2009]
manifeststore	d------	[02:37 14/07/2009]
Microsoft	d---s--	[04:34 14/07/2009]
migration	d------	[02:37 14/07/2009]
migwiz	d------	[02:37 14/07/2009]
Msdtc	d------	[02:37 14/07/2009]
MUI	d------	[02:37 14/07/2009]
nb-NO	d------	[02:37 14/07/2009]
NDF	d------	[02:37 14/07/2009]
NetworkList	d------	[02:37 14/07/2009]
nl-NL	d------	[02:37 14/07/2009]
oobe	d------	[02:37 14/07/2009]
pl-PL	d------	[02:37 14/07/2009]
Printing_Admin_Scripts	d------	[04:56 14/07/2009]
pt-BR	d------	[02:37 14/07/2009]
pt-PT	d------	[02:37 14/07/2009]
ras	d------	[02:37 14/07/2009]
Recovery	d------	[02:37 14/07/2009]
restore	d------	[04:52 14/07/2009]
ro-RO	d------	[02:37 14/07/2009]
ru-RU	d------	[02:37 14/07/2009]
Settings	d--h---	[19:19 02/04/2012]
Setup	d------	[02:37 14/07/2009]
sk-SK	d------	[02:37 14/07/2009]
sl-SI	d------	[02:37 14/07/2009]
slmgr	d------	[04:56 14/07/2009]
SMI	d------	[02:37 14/07/2009]
Speech	d------	[02:37 14/07/2009]
spool	d------	[02:37 14/07/2009]
spp	d------	[02:37 14/07/2009]
sppui	d------	[02:37 14/07/2009]
SPReview	d------	[15:47 08/07/2011]
sr-Latn-CS	d------	[02:37 14/07/2009]
sv-SE	d------	[02:37 14/07/2009]
sysprep	d------	[02:37 14/07/2009]
Tasks	d------	[02:37 14/07/2009]
tenarchlib	d------	[16:46 11/08/2010]
th-TH	d------	[02:37 14/07/2009]
tr-TR	d------	[02:37 14/07/2009]
uk-UA	d------	[02:37 14/07/2009]
URTTEMP	d------	[03:51 01/01/2010]
Wat	d------	[05:08 30/03/2010]
wbem	d------	[02:37 14/07/2009]
WCN	d------	[04:56 14/07/2009]
wdi	d------	[02:37 14/07/2009]
wfp	d------	[02:37 14/07/2009]
WinBioDatabase	d------	[04:52 14/07/2009]
WinBioPlugIns	d------	[04:52 14/07/2009]
WindowsPowerShell	d------	[04:52 14/07/2009]
winevt	d------	[02:37 14/07/2009]
winrm	d------	[04:56 14/07/2009]
zh-CN	d------	[02:37 14/07/2009]
zh-HK	d------	[02:37 14/07/2009]
zh-TW	d------	[02:37 14/07/2009]
*ƥ鶵Ĵ确瘓	d------	[18:37 22/03/2012]
ƨ⑽ķ确癙	d------	[19:19 02/04/2012]*

I'm very suspicious of the bolded ones but the characters will likely show differently because the board softward and tools can't interpret them properly. Please navigate to this folder:

C:\Windows\System32

and opten the System32 folder and look at the folders (only the folders, not the inidivual files) and let me know if you see anything that looks odd either at the bottom or at the very top of the list with the same creation dates (22/03/2012 and 02/04/2012.

I'm also still suspicious of this file because it seems new and may not be detected yet so I'm going to have you upload it to another site for a colleague to have a closer look at it:

Go to the forum *here* and upload this (these) file(s):

*C:\Windows\System32\mzdse.sys *

Here are the directions for uploading the file:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.


----------



## Jodee (Apr 11, 2007)

Hi

So I navigated to the System32 file and those folders are there with the same creation date. They are not in bold though.
They appear to be empty.

I went to the spykiller forum but for the life of me I cannot find "New Topic" to open a new post.ugh I keep looking and looking and I know I'm missing it but still no luck! Can you guide me as to where to look?

Thanks so much

J


----------



## Jodee (Apr 11, 2007)

OK! Whew! I found it and posted as per your instructions.


----------



## Cookiegal (Aug 27, 2003)

Jodee said:


> Hi
> 
> So I navigated to the System32 file and those folders are there with the same creation date. They are not in bold though.
> They appear to be empty.


They would not be in bold (that was only in reference to the ones in the list I was pointing to). If they are empty then please delete both folders by sending them to the Recycle Bin.


----------



## Cookiegal (Aug 27, 2003)

The file is uploaded. It looks to be very small so it's probably something insignificant but we just have to wait for a reply which shouldn't take too long.


----------



## Jodee (Apr 11, 2007)

Ok those 2 folders have been deleted.

Thanks.


----------



## Cookiegal (Aug 27, 2003)

I'm still waiting to hear about the file. Hopefully, we'll have some news today.


----------



## dvk01 (Dec 14, 2002)

sorry for delay in replying

all the file contains is 


> [COMMON]
> FontColor=220429
> FontColorBackground=94542


so it is harmless and all it can possibly do is be called by another file & used to display a specific fontcolor or font color background 
From that I would guess it belongs to one of the adobe programs


----------



## Cookiegal (Aug 27, 2003)

Thanks Derek. I appreciate you looking at the file for us.


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## Jodee (Apr 11, 2007)

Ok! Scan done. Here are the results:

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=afaf722a0214484f831bab4434899c4c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 08:25:58
# local_time=2012-04-12 04:25:58 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 27817933 27817933 0 0
# compatibility_mode=5893 16776573 100 94 23182233 85795483 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=426157
# found=1
# cleaned=1
# scan_time=11666
C:\Qoobox\Quarantine\[4]-Submit_2012-04-02_14.19.12.zip	Win32/Adware.HDDRescue.AB application (deleted - quarantined)	00000000000000000000000000000000	C


----------



## Jodee (Apr 11, 2007)

So just as a follow-up, my computer is much better but there are still strange things going on:

1) I can't seem to install certain programs for example, Skype. I get an error message every time that says I don't have enough disk space but in fact I have over 100 gb left on that drive.

2) I'm getting the Windows Activation Technologies message that says:

This computer is not running genuine Windows
To use Windows without interruption, this computer needs to be running genuine Windows.

I followed the instructions but it still comes back.

3) There are folders missing or hidden from my start up menu such as all my microsoft office folders

4) All my taskbar items are gone or hidden

Thanks again for your help!


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## Jodee (Apr 11, 2007)

See my post above

thx


----------



## Cookiegal (Aug 27, 2003)

Sorry. For some reason I didn't see that post.

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## Jodee (Apr 11, 2007)

Oh! I didn't receive an email informing me that you posted! I'll do this now.

Thanks


----------



## Jodee (Apr 11, 2007)

*OTL Log:
*

OTL logfile created on: 16/04/2012 10:05:04 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\DSE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.46 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 63.72% Memory free
2.65 Gb Paging File | 1.59 Gb Available in Paging File | 59.96% Paging File free
Paging file location(s): c:\pagefile.sys 200 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 166.06 Gb Total Space | 40.63 Gb Free Space | 24.47% Space Free | Partition Type: NTFS
Drive D: | 121.09 Gb Total Space | 48.35 Gb Free Space | 39.93% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.05 Gb Free Space | 31.21% Space Free | Partition Type: NTFS

Computer Name: DTHINK | User Name: DSE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 10:04:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\DSE\Desktop\OTL.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | -H-- | M] (Akamai Technologies, Inc) -- C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/06 21:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/01/06 14:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/01/04 19:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012/01/04 19:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/08/10 12:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/18 14:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/04/07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/05 14:28:42 | 009,212,720 | ---- | M] () -- C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
PRC - [2010/11/29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2009/12/22 15:06:10 | 000,086,528 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe
PRC - [2009/10/11 05:17:36 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe
PRC - [2009/09/30 19:47:28 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/30 19:47:26 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/30 19:14:46 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/21 19:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 19:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/09/01 03:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/09/01 03:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/08/26 19:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/08/26 19:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/24 00:00:30 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/24 00:00:02 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/06 21:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2012/01/06 14:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/22 13:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/01/05 14:28:42 | 009,212,720 | ---- | M] () -- C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
MOD - [2009/08/23 14:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 13:54:50 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/06 14:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/01/06 14:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/01/04 19:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/01/04 19:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/08/29 16:11:36 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/10 12:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/04/20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/18 14:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/04/04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/03/30 01:08:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/25 11:18:06 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/09/30 19:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/30 19:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/21 19:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 19:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/09/01 03:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/09/01 03:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/09/01 03:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/26 19:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/24 00:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/23 14:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/05 01:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/01 22:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/09/19 01:00:00 | 000,016,680 | ---- | M] (Sage Software) [Disabled | Stopped] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DSE\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DSE\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DSE\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/28 19:57:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011/06/27 11:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/16 16:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/26 07:50:24 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/11/11 17:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/10/16 10:22:58 | 000,045,608 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qrkis.sys -- (qrkis)
DRV - [2009/09/21 22:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/15 16:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/09/15 00:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/14 23:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/07 05:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/01 05:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/24 00:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/24 00:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/23 23:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/08/23 14:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/07/22 01:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/08 02:12:52 | 000,072,320 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2009/07/02 14:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/06/29 17:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/06/29 17:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/22 23:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/05/10 22:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2009/04/28 22:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/08/22 23:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {8D730A3D-1442-4D8F-BE12-354D80ED0968}
IE - HKLM\..\SearchScopes\{8D730A3D-1442-4D8F-BE12-354D80ED0968}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 13 DF 91 1B F0 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8D730A3D-1442-4D8F-BE12-354D80ED0968}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\DSE\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/04 20:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 14:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 22:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009/12/26 07:55:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 14:07:44 | 000,000,000 | ---D | M]

[2010/02/15 01:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DSE\AppData\Roaming\Mozilla\Extensions
[2010/02/15 01:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DSE\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/13 12:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\extensions
[2011/05/09 16:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/01/04 21:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/04 21:00:13 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/01/04 20:16:26 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\DSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EFV5JUPL.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\DSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EFV5JUPL.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/03/18 22:12:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/16 21:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 21:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/02 15:20:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [TK8 StickyNotes] C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Visio\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 96.22.246.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B13E466-41C8-4710-A85E-6786D4AEBA43}: DhcpNameServer = 24.200.241.37 24.201.245.77 96.22.246.145
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 10:04:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\DSE\Desktop\OTL.exe
[2012/04/13 12:15:52 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\Ingrid Michaelson - Human Again
[2012/04/13 11:28:37 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\lawl
[2012/04/12 13:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/05 11:18:04 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\Telaide assignment
[2012/04/03 12:24:00 | 000,000,000 | ---D | C] -- C:\Users\DSE\Documents\New folder
[2012/04/02 15:20:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/02 15:19:56 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Settings
[2012/04/02 15:19:03 | 000,000,000 | ---D | C] -- C:\microsoft
[2012/04/02 14:12:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/02 10:35:54 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\invoices
[2012/03/28 16:21:46 | 000,000,000 | ---D | C] -- C:\Users\DSE\AppData\Local\temp
[2012/03/28 16:08:44 | 000,000,000 | ---D | C] -- C:\poool
[2012/03/28 15:09:04 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\VIRUU
[2012/03/21 15:16:01 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\MM-00527-12_KickStartBooklet_ENG
[2012/03/21 13:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/21 13:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/20 10:39:13 | 000,000,000 | ---D | C] -- C:\Users\DSE\Desktop\April Newsletter

========== Files - Modified Within 30 Days ==========

[2012/04/16 10:05:04 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/16 10:04:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\DSE\Desktop\OTL.exe
[2012/04/16 10:04:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 09:44:52 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 09:44:52 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 09:40:59 | 000,640,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/16 09:40:59 | 000,115,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/16 09:36:44 | 000,221,564 | ---- | M] () -- C:\Users\DSE\Documents\TK8 SkickyNotes Database.data
[2012/04/16 09:36:42 | 000,001,024 | ---- | M] () -- C:\Users\DSE\.rnd
[2012/04/16 09:36:39 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 09:36:13 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/16 09:36:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/16 09:35:51 | 1981,833,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 11:22:12 | 000,001,203 | ---- | M] () -- C:\Users\DSE\Application Data\Microsoft\Internet Explorer\Quick Launch\PractiCount & Invoice (Standard).lnk
[2012/04/02 15:20:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/29 12:57:43 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 14:31:27 | 000,000,690 | ---- | M] () -- C:\Users\DSE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

========== Files Created - No Company Name ==========

[2012/04/16 09:36:41 | 000,001,024 | ---- | C] () -- C:\Users\DSE\.rnd
[2012/03/29 12:57:43 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 14:31:27 | 000,000,690 | ---- | C] () -- C:\Users\DSE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/14 14:13:47 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2012/03/14 13:58:50 | 000,232,871 | ---- | C] () -- C:\Windows\hpwins22.dat
[2012/03/14 13:58:50 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011/12/28 18:50:36 | 000,007,609 | ---- | C] () -- C:\Users\DSE\AppData\Local\Resmon.ResmonCfg
[2011/12/21 00:36:56 | 000,225,848 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/12/16 19:02:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/16 19:02:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/16 19:02:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/16 19:02:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/16 19:02:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/15 04:11:00 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/11/11 11:31:01 | 000,000,000 | ---- | C] () -- C:\Users\DSE\AppData\Roaming\io0.vxd
[2011/11/11 11:30:58 | 000,000,055 | -H-- | C] () -- C:\Windows\System32\mzdse.sys
[2011/09/06 08:29:46 | 000,000,000 | ---- | C] () -- C:\Users\DSE\AppData\Local\{56AC2248-34AE-4BFE-8829-C9DFED56C94D}
[2011/07/25 12:13:09 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/25 12:13:09 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/04 01:19:14 | 000,000,000 | ---- | C] () -- C:\Users\DSE\AppData\Local\rx_image32.Cache
[2011/06/20 18:58:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/07 17:53:57 | 000,005,120 | ---- | C] () -- C:\Users\DSE\AppData\Local\Databases.db
[2011/05/28 18:39:32 | 000,157,696 | ---- | C] () -- C:\Windows\System32\OggEnc.exe
[2011/05/28 18:39:32 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2011/05/28 18:39:32 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
[2010/12/01 00:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/09/25 13:30:19 | 000,000,173 | -H-- | C] () -- C:\ProgramData\LockFilePath.ini
[2010/08/12 13:39:33 | 000,000,056 | ---- | C] () -- C:\Windows\uilib.INI
[2010/05/06 16:10:02 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2012/03/12 00:58:55 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Dropbox
[2010/05/15 14:43:13 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Facebook
[2011/12/14 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\FileZilla
[2012/01/21 17:45:01 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Firestorm
[2010/05/18 12:14:06 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\InterVideo
[2009/12/31 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Lenovo
[2010/11/30 11:03:32 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\LimeWire
[2010/01/07 13:01:39 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\MindGenius
[2011/08/08 15:37:30 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\PCDr
[2010/01/15 13:52:03 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Printer's Apprentice
[2010/01/17 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Proxima Software
[2011/12/16 18:52:53 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Research In Motion
[2010/02/05 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\SDL
[2012/03/14 00:44:58 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\SecondLife
[2010/02/07 18:09:08 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Stereoscopic Player
[2010/08/11 12:46:08 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Tenebril
[2011/02/18 12:37:40 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\TK8 Software
[2010/12/02 11:24:40 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Trados
[2011/08/08 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Update
[2012/04/13 12:40:21 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\uTorrent
[2010/12/07 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\webex
[2011/12/21 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\DSE\AppData\Roaming\Windows Live Writer
[2012/04/16 10:05:04 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/02 15:41:15 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/16 09:36:13 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

*Extras log*

OTL Extras logfile created on: 16/04/2012 10:05:04 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\DSE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.46 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 63.72% Memory free
2.65 Gb Paging File | 1.59 Gb Available in Paging File | 59.96% Paging File free
Paging file location(s): c:\pagefile.sys 200 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 166.06 Gb Total Space | 40.63 Gb Free Space | 24.47% Space Free | Partition Type: NTFS
Drive D: | 121.09 Gb Total Space | 48.35 Gb Free Space | 39.93% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.05 Gb Free Space | 31.21% Space Free | Partition Type: NTFS

Computer Name: DTHINK | User Name: DSE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{142E0726-73B2-4CD5-95BE-8B018801886C}" = Simply Accounting by Sage 2009
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15F83A23-1C45-4914-BF72-F3B9D444744D}_is1" = PractiCount and Invoice 3.2 (Standard)
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DF0C90D-0705-32EA-B4DB-341C311EBB93}" = ATI Catalyst Install Manager
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1600
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37C11957-8228-4119-888D-3EA6B742BD9C}" = Simply Accounting by Sage 2009
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4FB649CF-3B19-44C2-AE13-3978BA10E3C0}" = Classic Shell
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69A7A3D0-AE00-4C7E-83AC-61804FA9B7ED}_is1" = BlackWidow version 6.10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D5D6697-FD6A-4E32-B471-DCD1B6A15D59}" = Font Fitting Room Deluxe
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82770D6C-2015-3FF4-B033-A8F6911EBD8E}" = MyFonts Order M2709896
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.27.500.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B15A5-DDCB-BD52-DF23-0FB44A59B903}" = ccc-utility
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B18D166F-6E14-45EA-A909-07DBFE15089D}" = SDL TRADOS 7 Freelance
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26AEDA3-B044-4FC0-B243-871FDAA6D2B6}" = Hex Color Finder
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFE4A2B6-4894-436C-8847-70FF3F18D892}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}" = Simply Accounting by Sage 2009
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English
"{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese
"{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian
"{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing
"{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
"5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
"7-Zip" = 7-Zip 9.10 beta
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Akamai" = Akamai NetSession Interface Service
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
"Digital Editions" = Adobe Digital Editions
"E59560E2F5B162D40255FCD327ACA5E989D995D2" = Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.0
"Firestorm-Release" = Firestorm-Release (remove only)
"HECI" = Intel(R) Management Engine Interface
"HotspotShield" = Hotspot Shield 2.24
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"IsoBuster_is1" = IsoBuster 2.7
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel(R) Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.85
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TK8 StickyNotes_is1" = TK8 StickyNotes 3.4
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.5.0.457
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/03/2012 4:29:58 PM | Computer Name = DTHINK | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 31/03/2012 11:28:05 AM | Computer Name = DTHINK | Source = Windows Activation Technologies | ID = 3
Description = Health check failure: hr = 0x8004FE21, HealthStatus: 0x000000000003EFFF

Error - 01/04/2012 4:14:37 PM | Computer Name = DTHINK | Source = Application Hang | ID = 1002
Description = The program AcFnF5.exe version 5.4.2.23 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1204 Start Time:
01cd1043e9f83bba Termination Time: 93 Application Path: C:\Program Files\Lenovo\Access
Connections\AcFnF5.exe Report Id: 378b37b0-7c37-11e1-bf74-904ce5db69f8

Error - 02/04/2012 2:27:12 PM | Computer Name = DTHINK | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrcui.exe, version: 6.0.5849.23, time
stamp: 0x4e08a551 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e2111c0 Exception code: 0xe0434f4d Fault offset: 0x0000d36f Faulting
process id: 0x1344 Faulting application start time: 0x01cd10fe328a85b7 Faulting application
path: C:\Program Files\PC-Doctor\pcdrcui.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 7659710c-7cf1-11e1-933b-0022681a5ee9

Error - 02/04/2012 3:39:13 PM | Computer Name = DTHINK | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 02/04/2012 3:43:40 PM | Computer Name = DTHINK | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 03/04/2012 5:54:51 PM | Computer Name = DTHINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/04/2012 5:54:51 PM | Computer Name = DTHINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15724

Error - 03/04/2012 5:54:51 PM | Computer Name = DTHINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15724

Error - 10/04/2012 9:03:41 AM | Computer Name = DTHINK | Source = Windows Activation Technologies | ID = 3
Description = Health check failure: hr = 0x8004FE21, HealthStatus: 0x000000000003EFFF

[ Lenovo-Message Center Plus/Admin Events ]
Error - 25/09/2011 4:02:19 AM | Computer Name = DTHINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 13/12/2011 3:06:32 AM | Computer Name = DTHINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 13/12/2011 7:08:36 AM | Computer Name = DTHINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

[ OSession Events ]
Error - 18/06/2010 5:01:15 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 268
seconds with 60 seconds of active time. This session ended with a crash.

Error - 23/08/2010 1:34:02 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2010 8:25:39 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/11/2010 6:19:18 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/03/2011 11:29:54 AM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 151
seconds with 120 seconds of active time. This session ended with a crash.

Error - 05/05/2011 12:50:37 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1178
seconds with 300 seconds of active time. This session ended with a crash.

Error - 02/11/2011 5:31:08 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03/11/2011 12:33:00 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79
seconds with 60 seconds of active time. This session ended with a crash.

Error - 03/11/2011 12:33:20 PM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 20/02/2012 11:42:21 AM | Computer Name = DTHINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2591
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/04/2012 3:18:53 PM | Computer Name = DTHINK | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current 
state 0.

Error - 13/04/2012 6:49:40 PM | Computer Name = DTHINK | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 13/04/2012 6:49:40 PM | Computer Name = DTHINK | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 13/04/2012 6:51:10 PM | Computer Name = DTHINK | Source = Service Control Manager | ID = 7022
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service hung
on starting.

Error - 13/04/2012 6:53:16 PM | Computer Name = DTHINK | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 16/04/2012 3:13:54 AM | Computer Name = DTHINK | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current 
state 0.

Error - 16/04/2012 9:36:04 AM | Computer Name = DTHINK | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 16/04/2012 9:36:04 AM | Computer Name = DTHINK | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 16/04/2012 9:37:45 AM | Computer Name = DTHINK | Source = Service Control Manager | ID = 7022
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service hung
on starting.

Error - 16/04/2012 9:39:49 AM | Computer Name = DTHINK | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please download * Unhide* and save it to your desktop. Double-click the *Unhide.exe* icon on your desktop and allow the program to run. This program will remove the hidden attribute from all the files on your hard drives, some of which were set by malware. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

This may take some time so please be patient and wait for it to finish.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\Users\DSE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## Jodee (Apr 11, 2007)

Combofix Log as requested:

ComboFix 12-04-16.03 - DSE 17/04/2012 13:21:39.8.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1452 [GMT -4:00]
Running from: c:\users\DSE\Desktop\ComboFix.exe
Command switches used :: c:\users\DSE\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\DSE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 17:36 . 2012-04-17 17:36	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-04-17 17:36 . 2012-04-17 17:36	--------	d-----w-	c:\users\molly\AppData\Local\temp
2012-04-17 17:36 . 2012-04-17 17:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-16 14:40 . 2009-08-20 04:50	22872	----a-r-	c:\windows\system32\AdobePDFUI.dll
2012-04-12 17:08 . 2012-04-12 17:08	--------	d-----w-	c:\program files\ESET
2012-03-28 20:21 . 2012-04-17 17:36	--------	d-----w-	c:\users\DSE\AppData\Local\temp
2012-03-28 20:08 . 2012-03-28 20:45	--------	d-----w-	C:\poool
2012-03-21 17:34 . 2012-03-21 17:35	--------	d-----w-	c:\program files\iTunes
2012-03-21 17:34 . 2012-03-21 17:34	--------	d-----w-	c:\program files\iPod
2012-03-19 02:12 . 2012-03-19 02:12	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 02:12 . 2012-03-19 02:12	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 15:01 . 2011-06-16 13:49	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:01 . 2012-02-15 15:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-01-25 00:00 . 2012-01-25 00:00	187904	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-03-19 02:12 . 2011-05-15 16:34	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\DSE\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"TK8 StickyNotes"="c:\program files\TK8 StickyNotes\TK8StickyNotes.exe" [2011-01-05 9212720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2009-12-22 86528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Bluetooth.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Digital Line Detect.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^HP SimpleSave Monitor.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\HP SimpleSave Monitor.lnk
backup=c:\windows\pss\HP SimpleSave Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^RCIMGDIR.exe.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 13:00	640440	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
2009-10-14 01:33	36864	------w-	c:\program files\Lenovo\Access Connections\AcTBenabler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 09:40	40376	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-01-25 14:31	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-09-19 05:00	87336	----a-w-	c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-28 06:09	49976	------w-	c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 20:14	17147528	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-04-23 04:16	1725736	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TK8 StickyNotes]
2011-01-05 18:28	9212720	----a-w-	c:\program files\TK8 StickyNotes\TK8StickyNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
2009-10-27 01:42	718232	------w-	c:\program files\WeatherNetwork\WeatherEye.exe
.
R2 BackupService;BackupService;c:\users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-09-01 106496]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CFcatchme;CFcatchme;c:\users\DSE\AppData\Local\Temp\CFcatchme.sys [x]
R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-01-25 288112]
R4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-09-01 1692920]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-09-01 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-23 225408]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ HsfXAudioService
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai	REG_MULTI_SZ Akamai
HPService	REG_MULTI_SZ HPSLPSVC
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2012-04-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-04-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.200.241.37 24.201.245.77 96.22.246.145
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\DSE\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ:ßNìî*€,+(.+ø.+X-+ˆ,+¸++*Û)ÐÚ)*Ú)0Ù)`Ø)×)ÀÖ)ðÕ)H6+]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ:ßNìî*€,+(.+ø.+X-+ˆ,+¸++*Û)ÐÚ)*Ú)0Ù)`Ø)×)ÀÖ)ðÕ)H6+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
Completion time: 2012-04-17 13:40:31
ComboFix-quarantined-files.txt 2012-04-17 17:40
ComboFix2.txt 2012-04-02 19:29
ComboFix3.txt 2012-03-28 20:45
ComboFix4.txt 2011-12-21 18:41
ComboFix5.txt 2012-04-17 17:19
.
Pre-Run: 46,549,278,720 bytes free
Post-Run: 48,850,083,840 bytes free
.
- - End Of File - - 765203571BADFE26D33CFBE3A3CED573


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExt"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## Jodee (Apr 11, 2007)

Hello


So I followed your instructions but no log is generated. I did it several times and verified in Search but there is no document called look.txt.

Am I missing something?


----------



## Cookiegal (Aug 27, 2003)

Copy and paste the command in Start Search and then right-click on it and choose "Run As Administrator". This should create the report.


----------



## Jodee (Apr 11, 2007)

This doesn't work. I asked a colleague for her help and she was unable as well. I don't know what I'm doing wrong...!


----------



## Cookiegal (Aug 27, 2003)

Let's try a different method:

Open *Notepad* and copy and paste next present *in* the code box:


```
@echo off
regedit /e C:\look.txt "HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts"
notepad c:\look.txt
del c:\look.txt
del %0
```
Save this as *look.bat*, being sure to choose to save as "All Files" and place it on your Desktop. It should look like this:








Right-click the look.bat file and choose: _Run as administrator_. A Notepad log should open automatically. Copy and paste the contents of it in your next reply.


----------



## Jodee (Apr 11, 2007)

Hi
Sorry for the delay. I was traveling.

I just followed your instructions and I got a Notepad error saying:

Cannot find the c:\look.txt file
Do you want to create a new file?

So I said yes and it did but it is blank.

Thanks
J


----------



## Cookiegal (Aug 27, 2003)

Sorry, I made an error in the batch. I've edited the post above to fix it so please do that again and see if it works now.


----------



## Jodee (Apr 11, 2007)

Success! 

I was unable to post the contents in this space so I have uploaded the notepad file.


----------



## Cookiegal (Aug 27, 2003)

Thanks. There are four entries that look weird because they're not regular letters (could be another language or symbols) that don't convert over to a text document so I need you to take a look in the registry yourself please.

Please open the registry editor and navigate to this key:

[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

To do that, just click on the + that you see to the left of each of these branches:

[HKEY_USERS
S-1-5-21-1648386945-1692156067-1516593421-1003
Software
Microsoft
Windows
CurrentVersion
Explorer
FileExts

Under FileExts, scroll down to this entry:

[HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\*.zipx*

which should be the last of the file extensions showing with a (dot) in front of them.

The four odd looking entries come between the one above and this one below:

HKEY_USERS\S-1-5-21-1648386945-1692156067-1516593421-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache

Can you tell me what they say and if you recognize them? I think it's something releated to Window Media Player but want to be sure it's not something malicious that's been inserted there.


----------

