[Resolved K] Kevin - this is the second machine infected


willynilly
« on: May 12, 2012, 02:53:49 PM »
Hi Kevin,

I thought I would make a second topic for the other machine infection that I mentioned earlier.  Ran DDS and pasted the 2 files.  Hope you can help me again.   :)

========================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.3.1
Run by Jay at 16:46:27 on 2012-05-12
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3065.1368 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\WiMAX\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Intel\WiMAX\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\WizMouse\WizMouse.exe
C:\Program Files\MouseExtender Launcher Utility\MouseExtender.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RotateImage\RCIMGDIR.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Weather Watcher Live\ww.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
EB: ClipMate ClipBar 7: {f60c63ce-52af-4915-aac9-f100fcde270f} - c:\progra~1\clipma~1\CLIPMA~1.DLL
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ClipMate7] c:\program files\clipmate7\ClipMate.exe
uRun: [WeatherWatcherLive] "c:\program files\weather watcher live\ww.exe"
uRun: [Google Update] "c:\users\jay\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 845"
uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000001" /M "WorkForce 845"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [RoxioDragToDisc] c:\program files\lenovo\drag-to-disc\DrgToDsc.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Enterra Icon Keeper] "c:\program files\enterra\icon keeper\IcnKeepr.exe" ssp /s
mRun: [RotateImage] c:\program files\rotateimage\RCIMGDIR.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [FingerPrintSoftwareSplashScreen] "c:\program files\lenovo fingerprint software\splashscreen.exe" \s
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{14C2872F-B195-4BED-AE57-3213BAD89C0B} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3708F728-3D08-43CC-9071-44996DC3BB32} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jay\appdata\roaming\mozilla\firefox\profiles\aymv771x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\users\jay\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-31 25416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602000.009\symds.sys [2012-4-28 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602000.009\symefa.sys [2012-4-28 905336]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602000.009\ccsetx86.sys [2012-4-28 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120510.001\IDSvix86.sys [2012-5-10 368248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-7 13680]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602000.009\ironx86.sys [2012-4-28 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys [2012-4-28 345208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2011-8-17 166376]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\wimax\bin\DMAgent.exe [2009-7-30 348160]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-1-31 280640]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-5-2 43584]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-10 127336]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.0.9\ccsvchst.exe [2012-4-28 138232]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-4 1662528]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-13 165440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-1-7 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-5-19 142696]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-10-4 2058776]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\wimax\bin\AppSrv.exe [2009-7-30 815104]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-3-7 187776]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-10-21 659968]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-7-30 56320]
R3 bpmp;Intel(R) WiMAX Link 5050 Series;c:\windows\system32\drivers\bpmp.sys [2009-7-30 142336]
R3 bpusb;Intel(R) WiMAX Link 5050 Series Function Driver;c:\windows\system32\drivers\bpusb.sys [2009-7-30 56320]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-7 29472]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2011-8-6 223432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-4 106104]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2009-10-4 282880]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2009-10-4 356480]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2009-10-4 77864]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2009-10-4 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2009-10-4 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2009-10-4 365056]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2009-10-4 430080]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2009-10-4 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2009-10-4 375424]
R3 NETwLv32;    Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2009-10-4 24232]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-24 48192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-6 101736]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-4-1 4172288]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-4-1 88576]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-4-1 2473472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-1 129976]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-3-17 6630912]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 22640]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-1-10 19968]
S4 SRDHAKMVTE;SRDHAKMVTE;c:\users\jay\appdata\local\temp\srdhakmvte.exe --> c:\users\jay\appdata\local\temp\SRDHAKMVTE.exe [?]
.
=============== Created Last 30 ================
.
2012-05-09 00:34:40   3604352   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 00:34:40   3552640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 00:34:40   2044928   ----a-w-   c:\windows\system32\win32k.sys
2012-05-06 13:42:17   --------   d-----w-   c:\users\jay\appdata\local\Lenovo
2012-04-29 01:56:50   --------   d-----w-   c:\users\jay\appdata\roaming\Malwarebytes
2012-04-29 01:56:46   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-04-29 01:56:46   --------   d-----w-   c:\programdata\Malwarebytes
2012-04-29 01:56:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-04-28 23:05:55   905336   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symefa.sys
2012-04-28 23:05:55   574072   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\srtsp.sys
2012-04-28 23:05:55   345208   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys
2012-04-28 23:05:55   340088   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symds.sys
2012-04-28 23:05:55   32888   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\srtspx.sys
2012-04-28 23:05:55   318584   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symnets.sys
2012-04-28 23:05:55   149624   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\ironx86.sys
2012-04-28 23:05:55   132744   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\ccsetx86.sys
2012-04-28 23:05:51   4782   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\symvtcer.dat
2012-04-28 23:05:51   --------   d-----w-   c:\windows\system32\drivers\n360\0602000.009
.
==================== Find3M  ====================
.
2012-05-05 21:48:21   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 21:48:21   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-03-30 12:39:11   905600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-24 00:38:00   141944   ------w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-20 23:28:50   53120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-03-15 10:07:00   3743296   ------w-   c:\windows\system32\PWMCP32V.cpl
2012-03-15 10:07:00   2693696   ------w-   c:\windows\PWMBTHLV.EXE
2012-03-15 10:07:00   25416   ------w-   c:\windows\system32\drivers\DOZEHDD.SYS
2012-03-15 10:07:00   17736   ------w-   c:\windows\system32\drivers\TPPWR32V.SYS
2012-03-01 14:46:01   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-02-29 19:15:06   37440   ----a-w-   c:\windows\system32\tpinspm.dll
2012-02-29 19:15:02   40512   ----a-w-   c:\windows\system32\ibmpmsvc.exe
2012-02-29 19:14:20   35272   ----a-w-   c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-29 15:11:45   5120   ------w-   c:\windows\system32\wmi.dll
2012-02-29 15:11:42   172032   ------w-   c:\windows\system32\wintrust.dll
2012-02-29 15:09:53   157696   ------w-   c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-02-29 13:41:40   1069056   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-29 13:32:37   12800   ------w-   c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55   1799168   ------w-   c:\windows\system32\jscript9.dll
2012-02-28 01:11:21   1427456   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07   1127424   ------w-   c:\windows\system32\wininet.dll
2012-02-28 01:03:16   2382848   ------w-   c:\windows\system32\mshtml.tlb
2012-02-15 16:01:50   4547944   ------w-   c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50   43520   ------w-   c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 16:46:56.33 ===============


===================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/4/2009 12:48:22 PM
System Uptime: 5/12/2012 4:37:59 PM (0 hours ago)
.
Motherboard: LENOVO |  | 4058CTO
Processor: Intel(R) Core(TM)2 Duo CPU     T9600  @ 2.80GHz | None | 2801/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 464 GiB total, 72.734 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 3.106 GiB free.
E: is Removable
S: is FIXED (NTFS) - 1 GiB total, 0.839 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel
.
==== System Restore Points ===================
.
RP765: 4/28/2012 9:46:56 PM - Installed ThinkPad Power Management Driver
RP766: 4/28/2012 9:47:07 PM - Device Driver Package Install: Lenovo System devices
RP767: 4/29/2012 6:56:55 AM - Windows Update
RP768: 5/5/2012 7:36:29 PM - Scheduled Checkpoint
RP770: 5/5/2012 10:03:49 PM - Installed Power Manager
RP771: 5/6/2012 9:24:29 PM - Installed WinZip 16.5
RP772: 5/6/2012 9:25:45 PM - Windows Update
RP773: 5/6/2012 9:38:31 PM - Installed WinZip 16.5
RP774: 5/8/2012 10:59:48 PM - Windows Update
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 9.20
Access Help
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
ATI Catalyst Install Manager
ATI Uninstaller
Auslogics Disk Defrag
Beyond Compare Version 2.5.3
Bing Bar
Bonjour
Bullzip PDF Printer 7.2.0.1304
Business Contact Manager for Outlook 2007 SP2
Calendar Magic V18.0
Camera Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
Client Security - Password Manager
ClipMate 7
Conexant 20561 SmartAudio HD
DIBS
DirectXInstallService
Drag-to-Disc
Duplicate Cleaner 2.1b
Enterra Icon Keeper 1.0.0.2
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print
Eraser 6.0.8.2273
Ericsson Wireless Module Core
FavOrg
FaxRedist
FileMenu Tools
FileSnoop 2
FreeCommander 2009.02b
GNU Aspell 0.50-3
Google Chrome
GPL Ghostscript Lite 8.70
Help Center
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Camera Driver Installer Package Ver.1.32.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel® Active Management Technology
Intel® PROSet/Wireless WiMAX Software
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
iSEEK AnswerWorks English Runtime
ISO Recorder
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 7 Update 3
Java(TM) SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Lenovo Auto Scroll Utility
Lenovo Fingerprint Software
Lenovo News-Shop
Lenovo Patch Utility
Lenovo Registration
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome v1.0.22.2
Malwarebytes Anti-Malware version 1.61.0.1400
Message Center
Message Center Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Connect
MouseExtender Launcher Utility
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Notepad++
OGA Notifier 2.0.0048.0
On Screen Display
PCMagazine SurfSpeed 2
Power Manager
Presentation Director
Product Recovery Disc Burning Utility
Productivity Center Supplement for ThinkPad
PX Profile Update
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
RenamerV5
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Send To Toys v2.5
Skins
SlickEdit 11.0.0
Snagit 10.0.1
Snowbird
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Speccy
SpeedCrunch 0.10
Spelling Dictionaries Support For Adobe Reader 8
System Migration Assistant
System Update
TextCrawler 2.2
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Mobility Center Customization
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
ThinkVantage GPS
ThinkVantage Productivity Center
ThinkVantage Status Gadget
ThinkVantage Technologies Welcome Message
TrueCrypt
TurboTax 2009
TurboTax 2009 wctiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wctiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmiiper
TurboTax 2011 wrapper
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless BroadbandAccess Self Activation
Wallpapers
Weather Watcher Live
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Driver Package - Intel (e1yexpress) Net  (03/27/2008 9.50.14.0)
Windows Driver Package - Intel (iaStor) hdc  (05/07/2008 8.2.0.1001)
Windows Driver Package - Intel hdc  (02/20/2008 6.9.1.1001)
Windows Driver Package - Intel System  (01/30/2008 8.6.1.1001)
Windows Driver Package - Intel System  (02/20/2008 8.6.1.1002)
Windows Driver Package - Intel System  (02/20/2008 8.7.0.1007)
Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel USB  (02/05/2007 8.3.0.1011)
Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live ID Sign-in Assistant
Windows Live Toolbar
WinZip 16.5
WinZip Command Line Support Add-On 3.2
WinZip Courier
WinZipBar Toolbar
WizMouse v1.6.0.2
ZipInstaller
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 11:23:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
5/6/2012 9:32:06 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  tvtumon
5/6/2012 9:19:27 PM, Error: PlugPlayManager [12]  - The device 'SD Memory Card' (SD\VID_03&OID_5344&PID_SU08G&REV_8.0\5&275c25c&0&0) disappeared from the system without first being prepared for removal.
5/6/2012 6:25:09 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/6/2012 4:30:42 PM, Error: PlugPlayManager [12]  - The device 'SD Memory Card' (SD\VID_02&OID_544d&PID_SD16G&REV_4.1\5&275c25c&0&0) disappeared from the system without first being prepared for removal.
5/6/2012 2:55:54 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DNS-323 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3708F728-3D08-43CC-9071-44996DC3BB. The master browser is stopping or an election is being forced.
5/5/2012 9:59:51 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/5/2012 10:04:51 PM, Error: Service Control Manager [7030]  - The Lenovo Doze Mode Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
5/5/2012 10:03:06 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/12/2012 4:46:28 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/12/2012 4:45:13 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/12/2012 4:44:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/12/2012 4:44:03 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/12/2012 4:39:47 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/12/2012 4:39:44 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/12/2012 4:38:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom tvtumon
5/12/2012 4:38:50 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/11/2012 11:49:58 PM, Error: Service Control Manager [7016]  - The Data Transfer Service service has reported an invalid current state 0.
5/11/2012 11:46:05 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/11/2012 10:48:10 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
5/10/2012 10:31:04 PM, Error: Service Control Manager [7016]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
.
==== End Of File ===========================
« Last Edit: May 20, 2012, 10:57:44 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #1 on: May 12, 2012, 03:12:10 PM »
Can you refresh my memory, what is wrong with this system?

Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #2 on: May 12, 2012, 04:13:23 PM »
Oops, my fault. This is the same problem I had before: when I attempted to run RootkitRevealer, I get the message "Unable to install RootkitRevealer service, the service did not respond to the start or control request in a timely fashion." I got into the habit of running RootkitRevealer or HijackThis every week or so, just because malware is so sneaky. By the way, what do you recommend I should run to do a health check on myself?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #3 on: May 12, 2012, 04:48:04 PM »
OK, run the following:

Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from either of the following links:

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #4 on: May 12, 2012, 06:40:37 PM »
ComboFix ran to completion, and didn't cause or need a reboot. Here is the output:

==================================================

ComboFix 12-05-12.01 - Jay 05/12/2012  20:25:42.4.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3065.1465 [GMT -4:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\d4e8c71e-49d0-4726-a0a2-a8fb0cae81f9.dll
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Jay\AppData\Local\assembly\tmp
c:\windows\system32\SET5AD0.tmp
c:\windows\system32\SETBBC3.tmp
c:\windows\system32\SETBC63.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-13 to 2012-05-13  )))))))))))))))))))))))))))))))
.
.
2012-05-13 00:32 . 2012-05-13 00:32   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-05-13 00:32 . 2012-05-13 00:32   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-09 00:35 . 2012-03-20 23:28   53120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-09 00:35 . 2012-03-30 12:39   905600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-09 00:35 . 2012-02-01 15:11   1218048   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 00:35 . 2012-02-01 15:10   983040   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 00:35 . 2012-02-01 15:10   964608   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 00:35 . 2012-02-01 15:10   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 00:35 . 2012-02-01 15:10   1404928   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-09 00:35 . 2012-02-01 13:58   47104   ----a-w-   c:\program files\Windows Journal\PDIALOG.exe
2012-05-09 00:35 . 2012-03-01 14:46   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-05-09 00:35 . 2012-03-01 14:46   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-05-09 00:35 . 2012-02-29 14:08   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-05-09 00:35 . 2012-02-29 13:44   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-05-09 00:35 . 2012-02-29 13:41   1069056   ----a-w-   c:\windows\system32\DWrite.dll
2012-05-09 00:34 . 2012-04-03 08:16   3604352   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 00:34 . 2012-04-03 08:16   3552640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 00:34 . 2012-04-02 13:36   2044928   ----a-w-   c:\windows\system32\win32k.sys
2012-05-06 13:42 . 2012-05-06 13:42   --------   d-----w-   c:\users\Jay\AppData\Local\Lenovo
2012-04-29 01:56 . 2012-04-29 01:56   --------   d-----w-   c:\users\Jay\AppData\Roaming\Malwarebytes
2012-04-29 01:56 . 2012-04-29 01:56   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-04-29 01:56 . 2012-04-29 01:56   --------   d-----w-   c:\programdata\Malwarebytes
2012-04-29 01:56 . 2012-04-04 19:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-04-28 23:05 . 2012-04-29 10:52   --------   d-----w-   c:\windows\system32\drivers\N360\0602000.009
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 21:48 . 2012-04-04 22:19   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-05 21:48 . 2011-05-20 00:57   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 00:38 . 2012-03-04 16:57   141944   ------w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 10:07 . 2010-01-31 15:19   25416   ------w-   c:\windows\system32\drivers\DOZEHDD.SYS
2012-03-15 10:07 . 2009-10-04 17:53   3743296   ------w-   c:\windows\system32\PWMCP32V.cpl
2012-03-15 10:07 . 2009-10-04 17:13   2693696   ------w-   c:\windows\PWMBTHLV.EXE
2012-03-15 10:07 . 2009-10-04 17:13   17736   ------w-   c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-29 19:15 . 2009-10-04 16:39   37440   ----a-w-   c:\windows\system32\tpinspm.dll
2012-02-29 19:15 . 2009-10-04 16:39   40512   ----a-w-   c:\windows\system32\ibmpmsvc.exe
2012-02-29 19:14 . 2009-10-04 16:39   35272   ----a-w-   c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-29 15:11 . 2012-04-11 00:37   5120   ------w-   c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 00:37   172032   ------w-   c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 00:37   157696   ------w-   c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 00:37   12800   ------w-   c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 00:37   1799168   ------w-   c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 00:37   1427456   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 00:37   1127424   ------w-   c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 00:37   2382848   ------w-   c:\windows\system32\mshtml.tlb
2012-02-15 16:01 . 2012-02-15 16:01   4547944   ------w-   c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01   43520   ------w-   c:\windows\system32\drivers\usbaapl.sys
2012-04-29 12:49 . 2011-03-23 21:24   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
2011-05-09 09:49   176936   ------w-   c:\program files\WinZipBar\prxtbWinZ.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ClipMate7"="c:\program files\ClipMate7\ClipMate.exe" [2009-01-31 3760424]
"WeatherWatcherLive"="c:\program files\Weather Watcher Live\ww.exe" [2009-07-08 1208320]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-01-04 16384]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-03-15 4392512]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2012-03-15 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2010-04-22 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 154136]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Enterra Icon Keeper"="c:\program files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 57344]
"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-10 50688]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
HsfXAudioService   REG_MULTI_SZ      HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:48]
.
2012-05-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1805500204-410949257-1906730299-1000Core.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 01:57]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1805500204-410949257-1906730299-1000UA.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 01:57]
.
2012-04-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-05-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\aymv771x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 20:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
c:\users\Jay\AppData\Local\Temp\WWLB6.tmp 0 bytes
c:\users\Jay\AppData\Local\Temp\WWLB7.tmp 0 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-12  20:34:11
ComboFix-quarantined-files.txt  2012-05-13 00:34
.
Pre-Run: 76,806,885,376 bytes free
Post-Run: 78,168,580,096 bytes free
.
- - End Of File - - 13393FFCAC7352E6A565B25CA01B3DBE

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #5 on: May 13, 2012, 03:26:25 AM »
Thanks for the log, ok do the following:

Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
File::

Folder::
c:\program files\WinZipBar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=-
[-HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=-
[-HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.  TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc.  Always remember to re-boot after a run, even if not prompted.

Step 3

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here.  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see the logs from Combofix and ESET in your reply, also give update on current issues/concerns...

Kevin



Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #6 on: May 13, 2012, 07:42:01 PM »
Hi Kevin,

Below is the ComboFix run with the input you provided; it appeared to work, and it didn't require a re-boot.  I ran the TFC and it completed and did a re-boot.  I began to clean out my D drive and while I was at it ran another DDS.  Please take a look at it; I think there are 2 services with odd names running out of my appdata\temp folder.
Thanks for everything (again).

=== from DDS run ===
PPHSZFV;PPHSZFV;c:\users\jay\appdata\local\temp\pphszfv.exe --> c:\users\jay\appdata\local\temp\PPHSZFV.exe [?]
SRDHAKMVTE;SRDHAKMVTE;c:\users\jay\appdata\local\temp\srdhakmvte.exe --> c:\users\jay\appdata\local\temp\SRDHAKMVTE.exe [?]

Appending the DDS file here exceeded the 50K char limit, so I will add the DDS in a second reply.


=====================================================
ComboFix 12-05-13.02 - Jay 05/13/2012   8:53.5.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3065.1587 [GMT -4:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
Command switches used :: c:\users\Jay\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinZipBar
c:\program files\WinZipBar\GottenAppsContextMenu.xml
c:\program files\WinZipBar\ldrtbWinZ.dll
c:\program files\WinZipBar\OtherAppsContextMenu.xml
c:\program files\WinZipBar\prxtbWinZ.dll
c:\program files\WinZipBar\SharedAppsContextMenu.xml
c:\program files\WinZipBar\tbWinZ.dll
c:\program files\WinZipBar\toolbar.cfg
c:\program files\WinZipBar\ToolbarContextMenu.xml
c:\program files\WinZipBar\uninstall.exe
c:\program files\WinZipBar\WinZipBarToolbarHelper.exe
c:\programdata\PCDr\5849\AddOnDownloaded\d4e8c71e-49d0-4726-a0a2-a8fb0cae81f9.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-13 to 2012-05-13  )))))))))))))))))))))))))))))))
.
.
2012-05-13 12:59 . 2012-05-13 13:02   --------   d-----w-   c:\users\Jay\AppData\Local\temp
2012-05-13 12:59 . 2012-05-13 12:59   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-05-13 12:59 . 2012-05-13 12:59   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-13 03:20 . 2012-05-13 03:20   --------   d-----w-   c:\program files\Eraser
2012-05-13 03:19 . 2012-05-13 03:19   --------   d-----w-   c:\program files\Auslogics
2012-05-09 00:34 . 2012-04-03 08:16   3604352   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 00:34 . 2012-04-03 08:16   3552640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 00:34 . 2012-04-02 13:36   2044928   ----a-w-   c:\windows\system32\win32k.sys
2012-05-06 13:42 . 2012-05-06 13:42   --------   d-----w-   c:\users\Jay\AppData\Local\Lenovo
2012-04-29 01:56 . 2012-04-29 01:56   --------   d-----w-   c:\users\Jay\AppData\Roaming\Malwarebytes
2012-04-29 01:56 . 2012-04-29 01:56   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-04-29 01:56 . 2012-04-29 01:56   --------   d-----w-   c:\programdata\Malwarebytes
2012-04-29 01:56 . 2012-04-04 19:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-04-28 23:05 . 2012-04-29 10:52   --------   d-----w-   c:\windows\system32\drivers\N360\0602000.009
2012-04-28 21:18 . 2012-04-28 21:18   --------   d-----r-   C:\RRbackups
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 21:48 . 2012-04-04 22:19   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-05 21:48 . 2011-05-20 00:57   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 00:38 . 2012-03-04 16:57   141944   ------w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 10:07 . 2010-01-31 15:19   25416   ------w-   c:\windows\system32\drivers\DOZEHDD.SYS
2012-03-15 10:07 . 2009-10-04 17:53   3743296   ------w-   c:\windows\system32\PWMCP32V.cpl
2012-03-15 10:07 . 2009-10-04 17:13   2693696   ------w-   c:\windows\PWMBTHLV.EXE
2012-03-15 10:07 . 2009-10-04 17:13   17736   ------w-   c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-29 19:15 . 2009-10-04 16:39   37440   ----a-w-   c:\windows\system32\tpinspm.dll
2012-02-29 19:15 . 2009-10-04 16:39   40512   ----a-w-   c:\windows\system32\ibmpmsvc.exe
2012-02-29 19:14 . 2009-10-04 16:39   35272   ----a-w-   c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-29 15:11 . 2012-04-11 00:37   5120   ------w-   c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 00:37   172032   ------w-   c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 00:37   157696   ------w-   c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 00:37   12800   ------w-   c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 00:37   1799168   ------w-   c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 00:37   1427456   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 00:37   1127424   ------w-   c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 00:37   2382848   ------w-   c:\windows\system32\mshtml.tlb
2012-02-15 16:01 . 2012-02-15 16:01   4547944   ------w-   c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01   43520   ------w-   c:\windows\system32\drivers\usbaapl.sys
2012-04-29 12:49 . 2011-03-23 21:24   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ClipMate7"="c:\program files\ClipMate7\ClipMate.exe" [2009-01-31 3760424]
"WeatherWatcherLive"="c:\program files\Weather Watcher Live\ww.exe" [2009-07-08 1208320]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-01-04 16384]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-03-15 4392512]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2012-03-15 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2010-04-22 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 154136]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Enterra Icon Keeper"="c:\program files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 57344]
"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-10 50688]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
HsfXAudioService   REG_MULTI_SZ      HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:48]
.
2012-05-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1805500204-410949257-1906730299-1000Core.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 01:57]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1805500204-410949257-1906730299-1000UA.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 01:57]
.
2012-04-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-05-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\aymv771x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WinZipBar Toolbar - c:\program files\WinZipBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 09:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5804)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DTS.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\AtService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\DDNI\DIBS\DDNIService.exe
c:\program files\ThinkPad\Utilities\DOZESVC.EXE
c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Lenovo\Communications Utility\CAMMUTE.exe
c:\program files\LENOVO\VIRTSCRL\lvvsst.exe
c:\windows\system32\msiexec.exe
c:\program files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Intel\WiMAX\WiMAX\Bin\AppSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\WiMAX\WiMAX\Bin\DMAgent.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\MouseExtender Launcher Utility\MouseExtender.exe
c:\program files\WizMouse\WizMouse.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-05-13  09:04:40 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-13 13:04
ComboFix2.txt  2012-05-13 00:34
.
Pre-Run: 76,059,828,224 bytes free
Post-Run: 75,872,661,504 bytes free
.
- - End Of File - - D15A703E8805BDD999699A6DF1C2DAFF


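An added example (not from the thread and not part of DDS) that does mechanically what willynilly did by eye in the reply above: it parses DDS/ComboFix service lines and flags entries whose binary sits in a temp or user-profile directory, which the scanner could not read (the [?] printed in place of a date and size), or whose name looks randomly generated. The sample lines are constructed from the excerpts posted in this thread, and the random-name check is a heuristic of my own, not a DDS feature.

```python
"""Triage service lines from DDS / ComboFix logs.

Added example, not part of the thread or of the DDS tool.  Two line shapes
appear in these logs:

    R3 Name;Display;c:\path\file.exe [2010-10-21 106496]
    Name;Display;c:\path\file.exe --> c:\path\FILE.exe [?]

where "[?]" means the tool could not read the file (no date/size).  The
sample lines below are constructed from the excerpts posted in this thread.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?:(?P<state>[RS]\d)\s+)?(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed from the log lines in this thread: three benign, two suspicious.
SAMPLE_LINES = [
    r"R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]",
    r"R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]",
    r"S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]",
    r"PPHSZFV;PPHSZFV;c:\users\jay\appdata\local\temp\pphszfv.exe --> c:\users\jay\appdata\local\temp\PPHSZFV.exe [?]",
    r"SRDHAKMVTE;SRDHAKMVTE;c:\users\jay\appdata\local\temp\srdhakmvte.exe --> c:\users\jay\appdata\local\temp\SRDHAKMVTE.exe [?]",
]


@dataclass
class Finding:
    name: str
    path: str
    reasons: list


def parse_line(line):
    """Split one service line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_random(name):
    """Heuristic (assumption, not a DDS rule): all-caps, letters only, >= 6 chars,
    with a run of 4+ consonants.  Weak on its own, since some vendors use
    all-caps service names; combine it with the path check."""
    if len(name) < 6 or not name.isalpha() or not name.isupper():
        return False
    longest = max(len(run) for run in re.split(r"[AEIOU]+", name))
    return longest >= 4


def reasons_for(entry):
    """Collect the signals that make one parsed service entry suspicious."""
    reasons = []
    path = (entry["resolved"] or entry["path"]).lower()
    if "\\temp\\" in path:
        reasons.append("binary lives in a temp directory")
    elif "\\appdata\\" in path or "\\users\\public\\" in path:
        reasons.append("binary lives in a user profile directory")
    if entry["meta"].strip() == "?":
        reasons.append("file not readable at scan time ([?])")
    if looks_random(entry["name"]):
        reasons.append("random-looking service name")
    return reasons


def triage(lines):
    """Return a Finding for every service line that trips at least one check."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry["name"], entry["resolved"] or entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {f.path}\n    " + "\n    ".join(f.reasons))
```

A service whose image path points into one user's temp folder is a strong signal by itself: legitimate services are installed under Program Files or system32 and run as a system account with no reason to live in a profile directory. The [?] on both entries says the binaries were already unreadable when DDS ran, so what remains is the orphaned service registration, which emptying the temp folders does not touch.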

Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #7 on: May 13, 2012, 07:43:58 PM »
Here is the DDS run with the 2 suspicious services.

==================================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.3.1
Run by Jay at 21:29:14 on 2012-05-13
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3065.1186 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\WiMAX\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Intel\WiMAX\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\MouseExtender Launcher Utility\MouseExtender.exe
C:\Program Files\WizMouse\WizMouse.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\RotateImage\RCIMGDIR.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Weather Watcher Live\ww.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
EB: ClipMate ClipBar 7: {f60c63ce-52af-4915-aac9-f100fcde270f} - c:\progra~1\clipma~1\CLIPMA~1.DLL
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ClipMate7] c:\program files\clipmate7\ClipMate.exe
uRun: [WeatherWatcherLive] "c:\program files\weather watcher live\ww.exe"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 845"
uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000001" /M "WorkForce 845"
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [RoxioDragToDisc] c:\program files\lenovo\drag-to-disc\DrgToDsc.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Enterra Icon Keeper] "c:\program files\enterra\icon keeper\IcnKeepr.exe" ssp /s
mRun: [RotateImage] c:\program files\rotateimage\RCIMGDIR.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [FingerPrintSoftwareSplashScreen] "c:\program files\lenovo fingerprint software\splashscreen.exe" \s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{14C2872F-B195-4BED-AE57-3213BAD89C0B} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3708F728-3D08-43CC-9071-44996DC3BB32} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jay\appdata\roaming\mozilla\firefox\profiles\aymv771x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\users\jay\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-31 25416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602000.009\symds.sys [2012-4-28 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602000.009\symefa.sys [2012-4-28 905336]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602000.009\ccsetx86.sys [2012-4-28 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120511.001\IDSvix86.sys [2012-5-12 368248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-7 13680]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602000.009\ironx86.sys [2012-4-28 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys [2012-4-28 345208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2011-8-17 166376]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\wimax\bin\DMAgent.exe [2009-7-30 348160]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-1-31 280640]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-5-2 43584]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-10 127336]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.0.9\ccsvchst.exe [2012-4-28 138232]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-4 1662528]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-13 165440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-1-7 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-5-19 142696]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-10-4 2058776]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\wimax\bin\AppSrv.exe [2009-7-30 815104]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-3-7 187776]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-10-21 659968]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-7-30 56320]
R3 bpmp;Intel(R) WiMAX Link 5050 Series;c:\windows\system32\drivers\bpmp.sys [2009-7-30 142336]
R3 bpusb;Intel(R) WiMAX Link 5050 Series Function Driver;c:\windows\system32\drivers\bpusb.sys [2009-7-30 56320]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-7 29472]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2011-8-6 223432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-4 106104]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2009-10-4 282880]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2009-10-4 356480]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2009-10-4 77864]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2009-10-4 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2009-10-4 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2009-10-4 365056]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2009-10-4 430080]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2009-10-4 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2009-10-4 375424]
R3 NETwLv32;    Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2009-10-4 24232]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-24 48192]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-6 101736]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-4-1 4172288]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-4-1 88576]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-4-1 2473472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-1 129976]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-3-17 6630912]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 22640]
S3 PPHSZFV;PPHSZFV;c:\users\jay\appdata\local\temp\pphszfv.exe --> c:\users\jay\appdata\local\temp\PPHSZFV.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-1-10 19968]
S4 SRDHAKMVTE;SRDHAKMVTE;c:\users\jay\appdata\local\temp\srdhakmvte.exe --> c:\users\jay\appdata\local\temp\SRDHAKMVTE.exe [?]
.
=============== Created Last 30 ================
.
2012-05-13 13:03:51   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-05-13 12:59:54   --------   d-----w-   c:\users\jay\appdata\local\temp
2012-05-13 03:20:22   --------   d-----w-   c:\program files\Eraser
2012-05-13 03:19:19   --------   d-----w-   c:\program files\Auslogics
2012-05-13 00:24:00   98816   ----a-w-   c:\windows\sed.exe
2012-05-13 00:24:00   518144   ----a-w-   c:\windows\SWREG.exe
2012-05-13 00:24:00   256000   ----a-w-   c:\windows\PEV.exe
2012-05-13 00:24:00   208896   ----a-w-   c:\windows\MBR.exe
2012-05-09 00:34:40   3604352   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 00:34:40   3552640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 00:34:40   2044928   ----a-w-   c:\windows\system32\win32k.sys
2012-05-06 13:42:17   --------   d-----w-   c:\users\jay\appdata\local\Lenovo
2012-04-29 01:56:50   --------   d-----w-   c:\users\jay\appdata\roaming\Malwarebytes
2012-04-29 01:56:46   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-04-29 01:56:46   --------   d-----w-   c:\programdata\Malwarebytes
2012-04-29 01:56:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-04-28 23:05:55   905336   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symefa.sys
2012-04-28 23:05:55   574072   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\srtsp.sys
2012-04-28 23:05:55   345208   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys
2012-04-28 23:05:55   340088   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symds.sys
2012-04-28 23:05:55   32888   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\srtspx.sys
2012-04-28 23:05:55   318584   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symnets.sys
2012-04-28 23:05:55   149624   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\ironx86.sys
2012-04-28 23:05:55   132744   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\ccsetx86.sys
2012-04-28 23:05:51   4782   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\symvtcer.dat
2012-04-28 23:05:51   --------   d-----w-   c:\windows\system32\drivers\n360\0602000.009
.
==================== Find3M  ====================
.
2012-05-05 21:48:21   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 21:48:21   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-03-30 12:39:11   905600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-24 00:38:00   141944   ------w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-20 23:28:50   53120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-03-15 10:07:00   3743296   ------w-   c:\windows\system32\PWMCP32V.cpl
2012-03-15 10:07:00   2693696   ------w-   c:\windows\PWMBTHLV.EXE
2012-03-15 10:07:00   25416   ------w-   c:\windows\system32\drivers\DOZEHDD.SYS
2012-03-15 10:07:00   17736   ------w-   c:\windows\system32\drivers\TPPWR32V.SYS
2012-03-01 14:46:01   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-02-29 19:15:06   37440   ----a-w-   c:\windows\system32\tpinspm.dll
2012-02-29 19:15:02   40512   ----a-w-   c:\windows\system32\ibmpmsvc.exe
2012-02-29 19:14:20   35272   ----a-w-   c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-29 15:11:45   5120   ------w-   c:\windows\system32\wmi.dll
2012-02-29 15:11:42   172032   ------w-   c:\windows\system32\wintrust.dll
2012-02-29 15:09:53   157696   ------w-   c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-02-29 13:41:40   1069056   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-29 13:32:37   12800   ------w-   c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55   1799168   ------w-   c:\windows\system32\jscript9.dll
2012-02-28 01:11:21   1427456   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07   1127424   ------w-   c:\windows\system32\wininet.dll
2012-02-28 01:03:16   2382848   ------w-   c:\windows\system32\mshtml.tlb
2012-02-15 16:01:50   4547944   ------w-   c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50   43520   ------w-   c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 21:29:32.61 ===============

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #8 on: May 14, 2012, 12:09:21 AM »
Yes I note those entries, no hits on Google makes them very suspicious. Did you run ESET?
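
Kevin's remark above turns on two service entries in the DDS log (PPHSZFV and SRDHAKMVTE): both are registered to run from the user's temp folder, both have a display name that is just the service name, and both carry DDS's "[?]" marker meaning the image file could not be found. The following is an added example, not part of this thread or of the DDS tool, that picks such entries out of a DDS "SERVICES / DRIVERS" section mechanically. The sample lines are copied from the log above, with legitimate neighbours for contrast; the heuristics (user temp path, "[?]" marker, bare display name) are my own choices, not DDS's.

```python
"""Flag suspicious entries in a DDS 'SERVICES / DRIVERS' section.

Added example (not from the thread or from DDS). DDS lines look like:
    <state> <name>;<display name>;<image path> [<yyyy-m-d> <size>]
    <state> <name>;<display name>;<path> --> <resolved path> [?]
where '[?]' means DDS could not stat the image file.
"""
import re
from dataclasses import dataclass, field

# One DDS service/driver line: state code R0..R3 (running) or S0..S4 (stopped),
# then three ';'-separated fields, the last of which carries the path and trailer.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Per-user temp directory on Vista/7-style profiles (heuristic of this example).
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    unknown_file: bool            # True when DDS printed "[?]"
    reasons: list = field(default_factory=list)


def parse_service_line(line: str):
    """Parse one DDS services line; return None for lines that are not services."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    unknown = rest.endswith("[?]")
    # For missing images DDS writes "<registry path> --> <resolved path> [?]";
    # keep the resolved (right-hand) path in that case.
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    # Drop the trailing " [date size]" or " [?]" block.
    path = rest.rsplit(" [", 1)[0].strip()
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"), path, unknown)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reasons (if any) an entry deserves a second look."""
    if USER_TEMP.search(entry.path):
        entry.reasons.append("image path is inside a user temp directory")
    if entry.unknown_file:
        entry.reasons.append("DDS could not find the image file ([?])")
    if entry.reasons and entry.display == entry.name:
        # Supporting signal only: plenty of legitimate drivers use the name as display.
        entry.reasons.append("display name is just the service name")
    return entry


def flag_suspicious(log_text: str) -> list:
    """Return the entries of a DDS services section that carry at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        if assess(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample section copied from the DDS log in this thread (the two entries Kevin
# noted, plus legitimate neighbours for contrast).
SAMPLE_SERVICES = r"""
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-31 25416]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-1 129976]
S3 PPHSZFV;PPHSZFV;c:\users\jay\appdata\local\temp\pphszfv.exe --> c:\users\jay\appdata\local\temp\PPHSZFV.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 SRDHAKMVTE;SRDHAKMVTE;c:\users\jay\appdata\local\temp\srdhakmvte.exe --> c:\users\jay\appdata\local\temp\SRDHAKMVTE.exe [?]
"""

if __name__ == "__main__":
    for e in flag_suspicious(SAMPLE_SERVICES):
        print(f"{e.state} {e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the sample, only PPHSZFV and SRDHAKMVTE come back, each with all three reasons; DozeHDD, whose display name also equals its service name, is not reported because that signal is only counted once a path or file-status reason is present. The same function can be pointed at a full DDS.txt, since non-service lines are skipped.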

Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #9 on: May 14, 2012, 05:50:34 PM »
This machine's C drive is 500GB, so I have been cleaning out my accumulation of old files.  My plan is to complete my data clean-up and kick off ESET to run overnight.  Please be patient with me; cleaning up stuff I have been collecting for too long is time consuming, especially since the day job takes so much time.  I'll post the ESET run in the next or so.  Thanks again Kevin.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #10 on: May 15, 2012, 02:03:10 AM »
Yep, that sounds good to me. Run ESET and post its log when you're ready....

Kevin :t

Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #11 on: May 15, 2012, 04:55:27 PM »
Hey Kevin,

ESET completed.  Scanned 304.890 files, elapsed time 12:48:40, 123 infected files.

I have been collecting useful freeware from reputable sites (or at least believed I was) over a very long time.  Guess the odds are some malware sneaks in, or ESET doesn't care for programs that do things they claim to do, like the more powerful system utilities or network scanners, password helpers, etc.  Things that if a program did secretly would be malware, but if they state that they have those capabilities and I would use them for that purpose, would just be them doing their job.  Not attempting to get into a philosophical debate, just that none of the discovered questionable programs are ever executed; they are all in my software archives and haven't been run, so they couldn't be the source of my problem.  I just wanted you to have a straight answer.
 
Ok, what would be my next step sir?  Those 2 funny services aren't because of my trying out any archived code, honest.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #12 on: May 16, 2012, 12:41:21 AM »
I need to see the log from ESET, should be here C:\Program Files\ESET\EsetOnlineScanner\log.txt

Also need an update on current issues concerns...

Next run the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Services
SRDHAKMVTE
PPHSZFV
:Files
ipconfig /flushdns /c
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Re-run DDS and post fresh DDS.txt....

In your reply I'd like the following....

  • Log from ESET
  • Log from OTM
  • Update on current issues

Kevin
Offline willynilly

  • Bronze Member
  • Posts: 60
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #13 on: May 16, 2012, 07:30:58 PM »
Hi Kevin,

Here are the ESET log, the OTM log and another DDS.txt.  No symptoms now.  By the way, there were only very slight things, like intermittent delays, very intermittent program failures, very slight things that seemed like a slow network or intermittent delay or random program failure. Almost like a normal day in most ways.  These guys are really tricky.  DDS shows the services gone; think you have saved me again.  Thank you.

======================================================
ESET log

C:\Users\Jay\Documents\Uty\Archiver\WinZipV10\Helper\WinZipV10.0-6667-keygen.zip   probably a variant of Win32/Hupigon.CUYPVYE trojan
C:\Users\Jay\Documents\Uty\Archiver\WinZipV10\Helper\WinZipV10.x-keygen-chosen.zip   probably a variant of Win32/Spy.Agent.JAADAUX trojan
C:\Users\Jay\Documents\Uty\Archiver\WinZipV10\Helper\WinZipV10.x-keygen.zip   a variant of Win32/Packed.CrackPack.A application
C:\Users\Jay\Documents\Uty\Audio\Converters\FoxTabAudioConverterV2.3.02-setup.exe   a variant of Win32/SweetIM.A application
C:\Users\Jay\Documents\Uty\Audio\Converters\FreeMP3WMAConverterV1.72.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\Audio\Converters\FreeMP3WMAConverterV1.81.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\Audio\Converters\JodixFreeWMAtoMP3ConverterV1.08.exe   probably a variant of Win32/PSW.Agent.BUPXGWL trojan
C:\Users\Jay\Documents\Uty\Audio\Converters\Video2mp3.exe   a variant of Win32/Agent.RNG trojan
C:\Users\Jay\Documents\Uty\Audio\Converters\Wav2mp3converter.exe   a variant of Win32/Agent.RNG trojan
C:\Users\Jay\Documents\Uty\Audio\Recorder\SonarcaFreeRecorderV3.3.5-setup.exe   Win32/DeFile.Gen application
C:\Users\Jay\Documents\Uty\Audio\Ripper\ExactAudioCopyV0.99-prebeta4.exe   a variant of Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Browser\InternetExplorer\Modifications\InternetOKv2.2-setup.zip   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\BrowserAuction\AScrapeV1.23.exe   probably a variant of Win32/Adware.Agent.IVDFERL application
C:\Users\Jay\Documents\Uty\BrowserPopUp\SafeGuardPopUpProFreeV7.71d.exe   a variant of Win32/Adware.PopupDefence.AA application
C:\Users\Jay\Documents\Uty\BrowserToolbar\ExactSeekToolbarV2.3.exe   Win32/Adware.SearchIt application
C:\Users\Jay\Documents\Uty\Calculator\FalcoCalculatorV3.7.1-setup.exe   multiple threats
C:\Users\Jay\Documents\Uty\CD-tools\Burner\BurnAwareV1.2.6-free.exe   probably a variant of Win32/Spy.Banker.NQAXJWQ trojan
C:\Users\Jay\Documents\Uty\CD-tools\Burner\FreeBurnerV3.8-withadware.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\Clock\Alarm\AlarmclockV2.0.zip   multiple threats
C:\Users\Jay\Documents\Uty\Clock\Scheduler\dMaintenanceV1.2.zip   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\Command-line\NirCommandLineV1.20.zip   Win32/Dialer.X application
C:\Users\Jay\Documents\Uty\Desktop\AlternateDesktops\DesktopSwitcher-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\Desktop\Animate\LebndigV1.0_byDevrexster.exe   probably a variant of Win32/Adware.Agent.GPUJIBZ application
C:\Users\Jay\Documents\Uty\Desktop\Minimizer\4tTrayMinimizerFreeV4.27.exe   probably a variant of Win32/Agent.LBTEFME trojan
C:\Users\Jay\Documents\Uty\Desktop\VirtualDesktops\RealDesktopV1.28-free-setup.exe   a variant of Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.8.8.exe   Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.8.9.exe   Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.9.0-a.exe   Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.9.0-b.exe   Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.9.1.exe   Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\Diagnostic\TaskManager\AuslogicsTaskManagerV2.0.6.exe   a variant of Win32/SoftonicDownloader.A application
C:\Users\Jay\Documents\Uty\Diagnostic\TaskManager\ProcessFreezer.exe   a variant of Win32/Agent.RNG trojan
C:\Users\Jay\Documents\Uty\Diskdrive\Partition\PowerQuest\DeployCenter\DeployCenterV5.50.zip   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\Diskdrive\Partition\PowerQuest\DeployCenter\DeployCenterV5.51.zip   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\Diskdrive\Virtual\Gmail\RoamDriveV1.0.18-files-to-from-Gmail-beta2.exe   a variant of Win32/InstallCore.D application
C:\Users\Jay\Documents\Uty\Email\SmileyCentralV2.1.50.3--setup.exe   a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Jay\Documents\Uty\Email\GMail\Notifer\GmailGrowlV1.4.1.msi   Win32/Packed.Autoit.C.Gen application
C:\Users\Jay\Documents\Uty\Email\Spam\SpamdelV1.0.4beta.exe   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\FileChanger\TestFindV2.1-setup.exe   multiple threats
C:\Users\Jay\Documents\Uty\FileManagers\FreeCommander\FreeCommanderV2009.02-setup.zip   a variant of Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\FileSplit\SplittingV4.30-install.exe   probably a variant of Win32/TrojanDownloader.Agent.BDUTPCE trojan
C:\Users\Jay\Documents\Uty\FileViewer\QVP6\quickviewplus6.0.1cracktnt.zip   probably a variant of Win32/Agent.DALDNBS trojan
C:\Users\Jay\Documents\Uty\Firewall\SystemSafetyMonitorV1.9.6-beta2.zip   probably a variant of Win32/Agent.MTDZSRT trojan
C:\Users\Jay\Documents\Uty\Games\FalcoCrushesSetup.exe   multiple threats
C:\Users\Jay\Documents\Uty\Games\Bigger\AsciiDoom.exe   probably a variant of Win32/TrojanDownloader.ConHook.NAJ trojan
C:\Users\Jay\Documents\Uty\Games\Bigger\Camel.exe   probably a variant of Win32/TrojanDownloader.ConHook.NAJ trojan
C:\Users\Jay\Documents\Uty\Games\Bigger\HighwayPursuit.exe   probably a variant of Win32/TrojanDownloader.ConHook.NAJ trojan
C:\Users\Jay\Documents\Uty\Games\Speedup\GameBoosterV2.2.exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\Graphs\FalcoGraphBuilderSetup.exe   multiple threats
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\IFallingIcons.exe   probably a variant of Win32/Agent.MBHEZQV trojan
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\IllegalOperationMsg.zip   probably a variant of Win32/Agent.GCEEXXZ trojan
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\MouseFinger.zip   probably a variant of Win32/Agent.CXFEPBE trojan
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\MultiErrorPro.exe   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\PurpleScreen.exe   probably a variant of Win32/Agent.CQFRRFE trojan
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\Windows_Failures.exe   probably a variant of Win32/Agent.EDDLOCB trojan
C:\Users\Jay\Documents\Uty\InstallPgms\ExeBundleV2.82.exe   Win32/TrojanDropper.Exebundle.27 trojan
C:\Users\Jay\Documents\Uty\Karaoke\AVVideoKaraokeMakerV1.0.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\Karaoke\MP3KaraokeV6.16-setup.exe   Win32/DeFile.Gen application
C:\Users\Jay\Documents\Uty\Languages\AmlMapleV2.65-build498-zip.exe   a variant of Win32/InstallCore.D application
C:\Users\Jay\Documents\Uty\Messaging\Funny-MSN-Display-Pictures.zip   Win32/Adware.180Solutions application
C:\Users\Jay\Documents\Uty\Monitor\Cpu\CoretempV1.2.36.exe   a variant of Win32/InstallIQ application
C:\Users\Jay\Documents\Uty\Monitor\Cpu\CpuSpeedProV3.0.4.4-setup.exe   a variant of Win32/InstallCore.D application
C:\Users\Jay\Documents\Uty\Monitor\Cpu\CpuSpeedProV3.0.4.5-setup.exe   a variant of Win32/InstallCore.D application
C:\Users\Jay\Documents\Uty\Monitor\Memory\MemoryMonitor-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\Monitor\Network\CyberBandwidthMonitor-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\Music\ScreamerMenuV1.2.exe   probably a variant of Win32/Agent.MSWCKMX trojan
C:\Users\Jay\Documents\Uty\Music\Search\2findmp3V808-free.exe   multiple threats
C:\Users\Jay\Documents\Uty\Network\ProxyServer\UnblockWebsitesProxyV1.0-setup.exe   probably a variant of Win32/TrojanDropper.Agent.MHWSBGZ trojan
C:\Users\Jay\Documents\Uty\Network\ProxyServer\WebProxyCheckerV1.5.6.exe   probably a variant of Win32/TrojanDownloader.Adload.FUPVJMJ trojan
C:\Users\Jay\Documents\Uty\Network\Sniffer\NetworkDigger-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\Network\VPN\HotSpotSheildV1.03-install.exe   multiple threats
C:\Users\Jay\Documents\Uty\Network\VPN\HotSpotShieldV1.03b-install.exe   a variant of Win32/HotSpotShield application
C:\Users\Jay\Documents\Uty\PB software\Spyware applications\spysweeper\SpySweeperSetup.msi   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\PCMag\Purchased\HDHeartBeatV1.0.0.zip   probably a variant of Win32/TrojanDownloader.Agent.LNHOYFO trojan
C:\Users\Jay\Documents\Uty\PCMag-FallFreeware\Sky_Fire_Demo.exe   multiple threats
C:\Users\Jay\Documents\Uty\PictureTools\SlideShow\SimplySlideshowV1.1.22-setup.exe   a variant of Win32/InstallCore.D application
C:\Users\Jay\Documents\Uty\Programs\Pgm-Tools\PEexplorer\Keys\PE_Explorer_v1.81.zip   probably a variant of Win32/Agent.FREGFSB trojan
C:\Users\Jay\Documents\Uty\Registry\Cleaner\FalcoRegistryDoctorSetup.exe   multiple threats
C:\Users\Jay\Documents\Uty\Registry\Repair\GlaryRegistryRepairV3.1.0.800-setup.exe   Win32/Induc virus
C:\Users\Jay\Documents\Uty\Registry\Scanner\RegScannerV1.70-setup.exe   probably a variant of Win32/Adware.Agent.IPWSNJP application
C:\Users\Jay\Documents\Uty\RemoteAccess\RemoteManager-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\ScreenCapture\DeskScanV1.34.zip   probably a variant of Win32/Agent.FRMNQSG trojan
C:\Users\Jay\Documents\Uty\ScreenCapture\DesktopScreenshotWhiz-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\ScreenSaver\ChangeOfSeasonsScreensaver.zip   Win32/StartPage.NIB trojan
C:\Users\Jay\Documents\Uty\ScreenSaver\dolphinfree.exe   multiple threats
C:\Users\Jay\Documents\Uty\ScreenSaver\HauntedHouseScreenSaver-free.exe   multiple threats
C:\Users\Jay\Documents\Uty\ScreenSaver\HauntedHouseScreensaverV1.4.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\ScreenSaver\Screensaver-Ford-f150v2.zip   Win32/StartPage.NIB trojan
C:\Users\Jay\Documents\Uty\Security\Encryption\Folder\FolderLockV5.16-trial.exe   probably a variant of Win32/Agent.JNUGWF trojan
C:\Users\Jay\Documents\Uty\Security\FoundStone\blastV2.0.zip   probably a variant of Win32/Agent.NRPWKFH trojan
C:\Users\Jay\Documents\Uty\Security\FoundStone\MS05051ScanV1.0.zip   probably a variant of Win32/Agent.GKNMNFE trojan
C:\Users\Jay\Documents\Uty\Security\Hide\AndrewsAntiSnoopingToolV1.0-install.exe   Win32/Packed.Autoit.A.Gen application
C:\Users\Jay\Documents\Uty\Security\PasswordReset\ProtectedPasswordsV160.zip   Win32/PassDump.160 application
C:\Users\Jay\Documents\Uty\Security\PasswordReset\ProtectedStoragePasswordViewerV160.zip   Win32/PassDump.160 application
C:\Users\Jay\Documents\Uty\Security\SampleCode\AnnaKornikova.txt   probably a variant of VBS/Lee.Based worm
C:\Users\Jay\Documents\Uty\Security\SampleCode\MarkerC.txt   W97M/Marker.C trojan
C:\Users\Jay\Documents\Uty\Security\Surveillance\HookerV2.55.zip   multiple threats
C:\Users\Jay\Documents\Uty\Security\Surveillance\KeyloggerV1.6-trial.zip   multiple threats
C:\Users\Jay\Documents\Uty\Shared\SharedSystems\DietK-V3.0build8.exe   multiple threats
C:\Users\Jay\Documents\Uty\Spyware\StealthWebPageRecorderV1.0.exe   Win32/Spy.WebPageRecorder.A trojan
C:\Users\Jay\Documents\Uty\Television\MiroV3.5.1-installer.exe   Win32/Toolbar.Zugo application
C:\Users\Jay\Documents\Uty\Television\MiroV4.0.3-installer.exe   Win32/Toolbar.Zugo application
C:\Users\Jay\Documents\Uty\VideoCodecs\Windows7CodecPackV3.0.0-setup.exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\VideoDVD\DVD-Covers\eCoverV1.06-setup.exe   probably a variant of Win32/TrojanDownloader.Agent.DCWNHBD trojan
C:\Users\Jay\Documents\Uty\VideoTools\VideoInspectorV2.1.1.117.exe   multiple threats
C:\Users\Jay\Documents\Uty\VideoTools\VideoInspectorV2.2.7.125.exe   multiple threats
C:\Users\Jay\Documents\Uty\VideoTools\Converter\FormatFactoryV2.1-withSoftonicToobar-setup.exe   Win32/Adware.ADON application
C:\Users\Jay\Documents\Uty\VideoTools\Converter\FreeVideoConverterV1.1-setup.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\VideoTools\Converter\FreeVideosToDVDv2.1.exe   Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\VideoTools\Converter\ion-software-AVM-converter.zip   Win32/KillFiles.NEM trojan
C:\Users\Jay\Documents\Uty\VideoTools\Desktop Recorder\DesktopActivityRecorderV2.6--setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\VideoTools\Editor\DvdKnifeV3.0.exe   multiple threats
C:\Users\Jay\Documents\Uty\VideoTools\Flash\YouTubeDownloaderV2.6.3-setup.exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\VideoTools\Flash\YouTubeDownloaderV3.0.0-setup.exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Jay\Documents\Uty\VideoTools\NetFlix\MyFlixerV1.0.0.2-setup.exe   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\Wallpaper\BioniX WallpaperV5.5.0-beta.exe   probably unknown NewHeur_PE virus
C:\Users\Jay\Documents\Uty\Wallpaper\PKLogoV1.2.exe   probably a variant of Win32/Agent.LDJNVIK trojan
C:\Users\Jay\Documents\Uty\Weather\WeatherPulse\WeatherPulseV2.10.11-setup.exe   Win32/Induc virus
C:\Users\Jay\Documents\Uty\Weather\WeatherPulse\WeatherPulseV2.10.8-beta2-setup.exe   Win32/Induc virus
C:\Users\Jay\Documents\Uty\WebSearch\FilesCrawler-setup-install-Yahoo.exe   Win32/Adware.OneStep application
C:\Users\Jay\Documents\Uty\WinOS-XP\Shortcuts\BadShortcutKillerv1.0.exe   Win32/Toolbar.Zugo application
C:\Users\Jay\Documents\Uty\WinOS-XP\Shortcuts\RemovalbleMedia\MyDrive.zip   INF/Autorun.gen trojan
C:\Users\Jay\Documents\Uty\WinOS-XP\Tools\CommandsInDemandV9.6.zip   a variant of Win32/Induc.A virus
=====================================================
OTM log

All processes killed
========== SERVICES/DRIVERS ==========
Service SRDHAKMVTE stopped successfully!
Service SRDHAKMVTE deleted successfully!
Service PPHSZFV stopped successfully!
Service PPHSZFV deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jay\Desktop\cmd.bat deleted successfully.
C:\Users\Jay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jay
->Temp folder emptied: 131980 bytes
->Temporary Internet Files folder emptied: 28689344 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 181089876 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 587 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33239 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 54887 bytes
 
Total Files Cleaned = 200.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 05162012_210851

Files moved on Reboot...

Registry entries deleted on Reboot...

======================================================
DDS text

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.4.1
Run by Jay at 21:14:26 on 2012-05-16
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3065.1594 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\WiMAX\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Intel\WiMAX\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\MouseExtender Launcher Utility\MouseExtender.exe
C:\Program Files\WizMouse\WizMouse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\RotateImage\RCIMGDIR.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Weather Watcher Live\ww.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
EB: ClipMate ClipBar 7: {f60c63ce-52af-4915-aac9-f100fcde270f} - c:\progra~1\clipma~1\CLIPMA~1.DLL
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ClipMate7] c:\program files\clipmate7\ClipMate.exe
uRun: [WeatherWatcherLive] "c:\program files\weather watcher live\ww.exe"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 845"
uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000001" /M "WorkForce 845"
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [RoxioDragToDisc] c:\program files\lenovo\drag-to-disc\DrgToDsc.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Enterra Icon Keeper] "c:\program files\enterra\icon keeper\IcnKeepr.exe" ssp /s
mRun: [RotateImage] c:\program files\rotateimage\RCIMGDIR.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [FingerPrintSoftwareSplashScreen] "c:\program files\lenovo fingerprint software\splashscreen.exe" \s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{14C2872F-B195-4BED-AE57-3213BAD89C0B} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3708F728-3D08-43CC-9071-44996DC3BB32} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jay\appdata\roaming\mozilla\firefox\profiles\aymv771x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\users\jay\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-31 25416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602000.009\symds.sys [2012-4-28 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602000.009\symefa.sys [2012-4-28 905336]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602000.009\ccsetx86.sys [2012-4-28 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120515.001\IDSvix86.sys [2012-5-15 368248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-7 13680]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602000.009\ironx86.sys [2012-4-28 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys [2012-4-28 345208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2011-8-17 166376]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\wimax\bin\DMAgent.exe [2009-7-30 348160]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-1-31 280640]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-5-2 43584]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-10 127336]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.0.9\ccsvchst.exe [2012-4-28 138232]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-4 1662528]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-13 165440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-1-7 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-5-19 142696]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-10-4 2058776]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\wimax\bin\AppSrv.exe [2009-7-30 815104]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-3-7 187776]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-10-21 659968]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-7-30 56320]
R3 bpmp;Intel(R) WiMAX Link 5050 Series;c:\windows\system32\drivers\bpmp.sys [2009-7-30 142336]
R3 bpusb;Intel(R) WiMAX Link 5050 Series Function Driver;c:\windows\system32\drivers\bpusb.sys [2009-7-30 56320]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-7 29472]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2011-8-6 223432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-4 106104]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2009-10-4 282880]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2009-10-4 356480]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2009-10-4 77864]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2009-10-4 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2009-10-4 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2009-10-4 365056]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2009-10-4 430080]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2009-10-4 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2009-10-4 375424]
R3 NETwLv32;    Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2009-10-4 24232]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-24 48192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-6 101736]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-4-1 4172288]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-4-1 88576]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-4-1 2473472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-1 129976]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-3-17 6630912]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 22640]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-1-10 19968]
.
=============== Created Last 30 ================
.
2012-05-17 01:08:51   --------   d-----w-   C:\_OTM
2012-05-13 13:03:51   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-05-13 12:59:54   --------   d-----w-   c:\users\jay\appdata\local\temp
2012-05-13 03:20:22   --------   d-----w-   c:\program files\Eraser
2012-05-13 03:19:19   --------   d-----w-   c:\program files\Auslogics
2012-05-13 00:24:00   98816   ----a-w-   c:\windows\sed.exe
2012-05-13 00:24:00   518144   ----a-w-   c:\windows\SWREG.exe
2012-05-13 00:24:00   256000   ----a-w-   c:\windows\PEV.exe
2012-05-13 00:24:00   208896   ----a-w-   c:\windows\MBR.exe
2012-05-09 00:34:40   3604352   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 00:34:40   3552640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 00:34:40   2044928   ----a-w-   c:\windows\system32\win32k.sys
2012-05-06 13:42:17   --------   d-----w-   c:\users\jay\appdata\local\Lenovo
2012-04-29 01:56:50   --------   d-----w-   c:\users\jay\appdata\roaming\Malwarebytes
2012-04-29 01:56:46   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-04-29 01:56:46   --------   d-----w-   c:\programdata\Malwarebytes
2012-04-29 01:56:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-04-28 23:05:55   905336   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symefa.sys
2012-04-28 23:05:55   574072   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\srtsp.sys
2012-04-28 23:05:55   345208   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys
2012-04-28 23:05:55   340088   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symds.sys
2012-04-28 23:05:55   32888   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\srtspx.sys
2012-04-28 23:05:55   318584   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\symnets.sys
2012-04-28 23:05:55   149624   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\ironx86.sys
2012-04-28 23:05:55   132744   ----a-r-   c:\windows\system32\drivers\n360\0602000.009\ccsetx86.sys
2012-04-28 23:05:51   4782   ----a-w-   c:\windows\system32\drivers\n360\0602000.009\symvtcer.dat
2012-04-28 23:05:51   --------   d-----w-   c:\windows\system32\drivers\n360\0602000.009
.
==================== Find3M  ====================
.
2012-05-05 21:48:21   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 21:48:21   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-04 22:47:08   772504   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-04-04 22:47:02   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-03-30 12:39:11   905600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-24 00:38:00   141944   ------w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-20 23:28:50   53120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-03-15 10:07:00   3743296   ------w-   c:\windows\system32\PWMCP32V.cpl
2012-03-15 10:07:00   2693696   ------w-   c:\windows\PWMBTHLV.EXE
2012-03-15 10:07:00   25416   ------w-   c:\windows\system32\drivers\DOZEHDD.SYS
2012-03-15 10:07:00   17736   ------w-   c:\windows\system32\drivers\TPPWR32V.SYS
2012-03-01 14:46:01   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-02-29 19:15:06   37440   ----a-w-   c:\windows\system32\tpinspm.dll
2012-02-29 19:15:02   40512   ----a-w-   c:\windows\system32\ibmpmsvc.exe
2012-02-29 19:14:20   35272   ----a-w-   c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-29 15:11:45   5120   ------w-   c:\windows\system32\wmi.dll
2012-02-29 15:11:42   172032   ------w-   c:\windows\system32\wintrust.dll
2012-02-29 15:09:53   157696   ------w-   c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-02-29 13:41:40   1069056   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-29 13:32:37   12800   ------w-   c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55   1799168   ------w-   c:\windows\system32\jscript9.dll
2012-02-28 01:11:21   1427456   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07   1127424   ------w-   c:\windows\system32\wininet.dll
2012-02-28 01:03:16   2382848   ------w-   c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:14:58.51 ===============

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [Resolved K] Kevin - this is the second machine infected
« Reply #14 on: May 17, 2012, 12:46:48 AM »
ESET has identified a lot of malicious files that must go, do the following:

Re-run OTM.....

Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files
C:\Users\Jay\Documents\Uty\Archiver\WinZipV10\Helper\WinZipV10.0-6667-keygen.zip
C:\Users\Jay\Documents\Uty\Archiver\WinZipV10\Helper\WinZipV10.x-keygen-chosen.zip
C:\Users\Jay\Documents\Uty\Archiver\WinZipV10\Helper\WinZipV10.x-keygen.zip
C:\Users\Jay\Documents\Uty\Audio\Converters\FoxTabAudioConverterV2.3.02-setup.exe
C:\Users\Jay\Documents\Uty\Audio\Converters\FreeMP3WMAConverterV1.72.exe
C:\Users\Jay\Documents\Uty\Audio\Converters\FreeMP3WMAConverterV1.81.exe
C:\Users\Jay\Documents\Uty\Audio\Converters\JodixFreeWMAtoMP3ConverterV1.08.exe
C:\Users\Jay\Documents\Uty\Audio\Converters\Video2mp3.exe
C:\Users\Jay\Documents\Uty\Audio\Converters\Wav2mp3converter.exe
C:\Users\Jay\Documents\Uty\Audio\Recorder\SonarcaFreeRecorderV3.3.5-setup.exe
C:\Users\Jay\Documents\Uty\Audio\Ripper\ExactAudioCopyV0.99-prebeta4.exe
C:\Users\Jay\Documents\Uty\Browser\InternetExplorer\Modifications\InternetOKv2.2-setup.zip
C:\Users\Jay\Documents\Uty\BrowserAuction\AScrapeV1.23.exe
C:\Users\Jay\Documents\Uty\BrowserPopUp\SafeGuardPopUpProFreeV7.71d.exe
C:\Users\Jay\Documents\Uty\BrowserToolbar\ExactSeekToolbarV2.3.exe
C:\Users\Jay\Documents\Uty\Calculator\FalcoCalculatorV3.7.1-setup.exe
C:\Users\Jay\Documents\Uty\CD-tools\Burner\BurnAwareV1.2.6-free.exe
C:\Users\Jay\Documents\Uty\CD-tools\Burner\FreeBurnerV3.8-withadware.exe
C:\Users\Jay\Documents\Uty\Clock\Alarm\AlarmclockV2.0.zip
C:\Users\Jay\Documents\Uty\Clock\Scheduler\dMaintenanceV1.2.zip
C:\Users\Jay\Documents\Uty\Command-line\NirCommandLineV1.20.zip
C:\Users\Jay\Documents\Uty\Desktop\AlternateDesktops\DesktopSwitcher-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\Desktop\Animate\LebndigV1.0_byDevrexster.exe
C:\Users\Jay\Documents\Uty\Desktop\Minimizer\4tTrayMinimizerFreeV4.27.exe
C:\Users\Jay\Documents\Uty\Desktop\VirtualDesktops\RealDesktopV1.28-free-setup.exe
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.8.8.exe
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.8.9.exe
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.9.0-a.exe
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.9.0-b.exe
C:\Users\Jay\Documents\Uty\Diagnostic\Enqueued\UnlockerV1.9.1.exe
C:\Users\Jay\Documents\Uty\Diagnostic\TaskManager\AuslogicsTaskManagerV2.0.6.exe
C:\Users\Jay\Documents\Uty\Diagnostic\TaskManager\ProcessFreezer.exe
C:\Users\Jay\Documents\Uty\Diskdrive\Partition\PowerQuest\DeployCenter\DeployCenterV5.50.zip
C:\Users\Jay\Documents\Uty\Diskdrive\Partition\PowerQuest\DeployCenter\DeployCenterV5.51.zip
C:\Users\Jay\Documents\Uty\Diskdrive\Virtual\Gmail\RoamDriveV1.0.18-files-to-from-Gmail-beta2.exe
C:\Users\Jay\Documents\Uty\Email\SmileyCentralV2.1.50.3--setup.exe
C:\Users\Jay\Documents\Uty\Email\GMail\Notifer\GmailGrowlV1.4.1.msi
C:\Users\Jay\Documents\Uty\Email\Spam\SpamdelV1.0.4beta.exe
C:\Users\Jay\Documents\Uty\FileChanger\TestFindV2.1-setup.exe
C:\Users\Jay\Documents\Uty\FileManagers\FreeCommander\FreeCommanderV2009.02-setup.zip
C:\Users\Jay\Documents\Uty\FileSplit\SplittingV4.30-install.exe
C:\Users\Jay\Documents\Uty\FileViewer\QVP6\quickviewplus6.0.1cracktnt.zip
C:\Users\Jay\Documents\Uty\Firewall\SystemSafetyMonitorV1.9.6-beta2.zip
C:\Users\Jay\Documents\Uty\Games\FalcoCrushesSetup.exe
C:\Users\Jay\Documents\Uty\Games\Bigger\AsciiDoom.exe
C:\Users\Jay\Documents\Uty\Games\Bigger\Camel.exe
C:\Users\Jay\Documents\Uty\Games\Bigger\HighwayPursuit.exe
C:\Users\Jay\Documents\Uty\Games\Speedup\GameBoosterV2.2.exe
C:\Users\Jay\Documents\Uty\Graphs\FalcoGraphBuilderSetup.exe
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\IFallingIcons.exe
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\IllegalOperationMsg.zip
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\MouseFinger.zip
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\MultiErrorPro.exe
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\PurpleScreen.exe
C:\Users\Jay\Documents\Uty\Humor\Software_Pranks\Windows_Failures.exe
C:\Users\Jay\Documents\Uty\InstallPgms\ExeBundleV2.82.exe
C:\Users\Jay\Documents\Uty\Karaoke\AVVideoKaraokeMakerV1.0.exe
C:\Users\Jay\Documents\Uty\Karaoke\MP3KaraokeV6.16-setup.exe
C:\Users\Jay\Documents\Uty\Languages\AmlMapleV2.65-build498-zip.exe
C:\Users\Jay\Documents\Uty\Messaging\Funny-MSN-Display-Pictures.zip
C:\Users\Jay\Documents\Uty\Monitor\Cpu\CoretempV1.2.36.exe
C:\Users\Jay\Documents\Uty\Monitor\Cpu\CpuSpeedProV3.0.4.4-setup.exe
C:\Users\Jay\Documents\Uty\Monitor\Cpu\CpuSpeedProV3.0.4.5-setup.exe
C:\Users\Jay\Documents\Uty\Monitor\Memory\MemoryMonitor-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\Monitor\Network\CyberBandwidthMonitor-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\Music\ScreamerMenuV1.2.exe
C:\Users\Jay\Documents\Uty\Music\Search\2findmp3V808-free.exe
C:\Users\Jay\Documents\Uty\Network\ProxyServer\UnblockWebsitesProxyV1.0-setup.exe
C:\Users\Jay\Documents\Uty\Network\ProxyServer\WebProxyCheckerV1.5.6.exe
C:\Users\Jay\Documents\Uty\Network\Sniffer\NetworkDigger-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\Network\VPN\HotSpotSheildV1.03-install.exe 
C:\Users\Jay\Documents\Uty\Network\VPN\HotSpotShieldV1.03b-install.exe   
C:\Users\Jay\Documents\Uty\PB software\Spyware applications\spysweeper\SpySweeperSetup.msi
C:\Users\Jay\Documents\Uty\PCMag\Purchased\HDHeartBeatV1.0.0.zip
C:\Users\Jay\Documents\Uty\PCMag-FallFreeware\Sky_Fire_Demo.exe
C:\Users\Jay\Documents\Uty\PictureTools\SlideShow\SimplySlideshowV1.1.22-setup.exe
C:\Users\Jay\Documents\Uty\Programs\Pgm-Tools\PEexplorer\Keys\PE_Explorer_v1.81.zip
C:\Users\Jay\Documents\Uty\Registry\Cleaner\FalcoRegistryDoctorSetup.exe
C:\Users\Jay\Documents\Uty\Registry\Repair\GlaryRegistryRepairV3.1.0.800-setup.exe
C:\Users\Jay\Documents\Uty\Registry\Scanner\RegScannerV1.70-setup.exe   
C:\Users\Jay\Documents\Uty\RemoteAccess\RemoteManager-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\ScreenCapture\DeskScanV1.34.zip
C:\Users\Jay\Documents\Uty\ScreenCapture\DesktopScreenshotWhiz-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\ScreenSaver\ChangeOfSeasonsScreensaver.zip
C:\Users\Jay\Documents\Uty\ScreenSaver\dolphinfree.exe
C:\Users\Jay\Documents\Uty\ScreenSaver\HauntedHouseScreenSaver-free.exe
C:\Users\Jay\Documents\Uty\ScreenSaver\HauntedHouseScreensaverV1.4.exe
C:\Users\Jay\Documents\Uty\ScreenSaver\Screensaver-Ford-f150v2.zip
C:\Users\Jay\Documents\Uty\Security\Encryption\Folder\FolderLockV5.16-trial.exe
C:\Users\Jay\Documents\Uty\Security\FoundStone\blastV2.0.zip
C:\Users\Jay\Documents\Uty\Security\FoundStone\MS05051ScanV1.0.zip   
C:\Users\Jay\Documents\Uty\Security\Hide\AndrewsAntiSnoopingToolV1.0-install.exe
C:\Users\Jay\Documents\Uty\Security\PasswordReset\ProtectedPasswordsV160.zip
C:\Users\Jay\Documents\Uty\Security\PasswordReset\ProtectedStoragePasswordViewerV160.zip
C:\Users\Jay\Documents\Uty\Security\SampleCode\AnnaKornikova.txt
C:\Users\Jay\Documents\Uty\Security\SampleCode\MarkerC.txt
C:\Users\Jay\Documents\Uty\Security\Surveillance\HookerV2.55.zip
C:\Users\Jay\Documents\Uty\Security\Surveillance\KeyloggerV1.6-trial.zip
C:\Users\Jay\Documents\Uty\Shared\SharedSystems\DietK-V3.0build8.exe
C:\Users\Jay\Documents\Uty\Spyware\StealthWebPageRecorderV1.0.exe
C:\Users\Jay\Documents\Uty\Television\MiroV3.5.1-installer.exe
C:\Users\Jay\Documents\Uty\Television\MiroV4.0.3-installer.exe
C:\Users\Jay\Documents\Uty\VideoCodecs\Windows7CodecPackV3.0.0-setup.exe
C:\Users\Jay\Documents\Uty\VideoDVD\DVD-Covers\eCoverV1.06-setup.exe
C:\Users\Jay\Documents\Uty\VideoTools\VideoInspectorV2.1.1.117.exe
C:\Users\Jay\Documents\Uty\VideoTools\VideoInspectorV2.2.7.125.exe
C:\Users\Jay\Documents\Uty\VideoTools\Converter\FormatFactoryV2.1-withSoftonicToobar-setup.exe
C:\Users\Jay\Documents\Uty\VideoTools\Converter\FreeVideoConverterV1.1-setup.exe
C:\Users\Jay\Documents\Uty\VideoTools\Converter\FreeVideosToDVDv2.1.exe 
C:\Users\Jay\Documents\Uty\VideoTools\Converter\ion-software-AVM-converter.zip
C:\Users\Jay\Documents\Uty\VideoTools\Desktop Recorder\DesktopActivityRecorderV2.6--setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\VideoTools\Editor\DvdKnifeV3.0.exe
C:\Users\Jay\Documents\Uty\VideoTools\Flash\YouTubeDownloaderV2.6.3-setup.exe
C:\Users\Jay\Documents\Uty\VideoTools\Flash\YouTubeDownloaderV3.0.0-setup.exe
C:\Users\Jay\Documents\Uty\VideoTools\NetFlix\MyFlixerV1.0.0.2-setup.exe
C:\Users\Jay\Documents\Uty\Wallpaper\BioniX WallpaperV5.5.0-beta.exe
C:\Users\Jay\Documents\Uty\Wallpaper\PKLogoV1.2.exe
C:\Users\Jay\Documents\Uty\Weather\WeatherPulse\WeatherPulseV2.10.11-setup.exe
C:\Users\Jay\Documents\Uty\Weather\WeatherPulse\WeatherPulseV2.10.8-beta2-setup.exe
C:\Users\Jay\Documents\Uty\WebSearch\FilesCrawler-setup-install-Yahoo.exe
C:\Users\Jay\Documents\Uty\WinOS-XP\Shortcuts\BadShortcutKillerv1.0.exe
C:\Users\Jay\Documents\Uty\WinOS-XP\Shortcuts\RemovalbleMedia\MyDrive.zip
C:\Users\Jay\Documents\Uty\WinOS-XP\Tools\CommandsInDemandV9.6.zip
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Post that log and give an update on any remaining issues or concerns...

Kevin