Trojan Horse Generic/Sheur [Solved]


This topic is locked.

#1 masterisosceles (New Member, 6 posts)
Dear Community,

I was wondering if you could assist me in the removal of a trojan.

I have run scans with AVG, and repeatedly detected the trojan, but when prompted by AVG as to whether I want to remove it or not, I receive the message that the file is inaccessible.

I now have several viruses in the avg vault, but none of them can be removed. I receive repeated "virus detected" messages from the program (about once every active 30 minutes) but I cannot remove the infections, only move them to the vault (and the notifications still continue).

Can anyone assist me?

Thanks.


#2 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
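The OTL log requested above is read by hand in this thread. As an added example (not part of this thread, and not OTL's own code), the Python script below does the first pass of that reading mechanically: it parses lines in OTL's Minimal Output layout (PRC running-process records, SRV service records and O4 Run-key autostart records) and lists the entries an analyst looks at first, namely entries whose target file is missing and entries that print an empty "()" where the publisher name would be. The sample lines are constructed in that layout; the paths, service names and publishers are made up. An empty "()" only means OTL found no CompanyName in the file's version information, which many legitimate programs also lack, so the output is a review list, not a verdict.

```python
"""Triage helper for OTL "Minimal Output" log lines (added example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines that mimic the layout of an OTL.Txt: PRC = running
# process, SRV = Win32 service, O4 = Run-key autostart entry. Paths, service
# names and publishers below are made up for this example.
SAMPLE_OTL_LINES = r"""
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\example\Downloads\n7gmo46c.exe ()
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (examplesvc) -- C:\Windows\System32\drivers\example.sys (Example (United States) Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Helper] C:\Program Files (x86)\Helper\helper.exe ()
O4 - HKCU..\Run: [Calendar] C:\Program Files\Calendar\Calendar.exe (Example Software)
"""

# Record prefix: the record type, then an optional "(ServiceName) --" (SRV) or
# "HKLM..\Run: [ValueName]" (O4) before the target path.
RECORD_RE = re.compile(
    r"^(?P<kind>PRC|SRV|O4)\s+-\s+"
    r"(?:\([^)]*\)\s+--\s+)?"                 # SRV: (ServiceName) --
    r"(?:HK\w+\.\.\\Run:\s+\[[^\]]*\]\s+)?"   # O4: HKLM..\Run: [ValueName]
    r"(?P<rest>.+?)\s*$"
)
# Target: a path ending in a binary extension, then "(Publisher)". The path may
# itself contain parentheses ("Program Files (x86)") and so may the publisher.
TARGET_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|sys|ocx))\s+\((?P<company>.*)\)$", re.IGNORECASE
)


@dataclass
class Finding:
    kind: str
    path: str
    company: Optional[str]   # None when no target path could be parsed
    note: str


def classify(line: str) -> Optional[Finding]:
    """Parse one OTL record; return None for record types this helper ignores."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if rest.startswith("File not found"):
        return Finding(kind, "", None, "orphaned entry: target file is missing")
    t = TARGET_RE.match(rest)
    if not t:
        return Finding(kind, rest, None, "unparsed target")
    path, company = t.group("path"), t.group("company").strip()
    if not company:
        # OTL prints "()" when the file carries no CompanyName version info.
        # Legitimate programs lack it too, so this is a review item, not a verdict.
        return Finding(kind, path, "", "no publisher string: verify the file before acting")
    return Finding(kind, path, company, "ok")


def triage(text: str) -> List[Finding]:
    """Return only the records an analyst should look at first (everything not 'ok')."""
    findings = []
    for line in text.splitlines():
        f = classify(line)
        if f is not None and f.note != "ok":
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.kind:3} {f.note:55} {f.path}")
```

Run it against a saved OTL.Txt by passing the file's contents to triage(); the script deliberately stops at listing candidates, because the next step in this thread is a human judgement about each flagged file, not an automatic removal.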

#3 masterisosceles (Topic Starter, New Member, 6 posts)
SweetTech,

Thank you for your prompt reply.

The materials that you requested are as follows:

OTL Logfile:
OTL logfile created on: 2010/05/24 11:30:49 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ryan N Kelley\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000411 | Country: 米国 | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 86.78 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

Computer Name: RYANNKELLEY
Current User Name: Ryan N Kelley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan N Kelley\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ryan N Kelley\Downloads\4dhjsehq.exe ()
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Anki\Anki.exe (Damien Elmes)
PRC - C:\Windows\System32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Anki\mecab\bin\mecab.exe ()
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Windows\System32\atibtmon.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Users\Ryan N Kelley\Documents\KIC Ver. 2.2.2\KanjiInContext.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Anki\kakasi\bin\kakasi.exe ()
PRC - C:\Program Files\Wakan\wakan.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Ryan N Kelley\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo.)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Driver Services (SafeList) ==========

DRV - (PCDSRVC{3037D694-FD904ACA-06020000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/jp/ja [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/jp/ja [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 12:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 12:54:01 | 000,000,000 | ---D | M]

[2010/05/19 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan N Kelley\AppData\Roaming\mozilla\Extensions
[2010/05/19 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan N Kelley\AppData\Roaming\mozilla\Firefox\Profiles\6f2ywr9q.default\extensions
[2010/05/19 12:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 02:17:08 | 000,001,842 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-jp.xml
[2010/04/02 02:17:08 | 000,002,630 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-jp.xml
[2010/04/02 02:17:08 | 000,001,269 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\oshiete-goo.xml
[2010/04/02 02:17:08 | 000,000,814 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\rakuten.xml
[2010/04/02 02:17:08 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ja.xml
[2010/04/02 02:17:08 | 000,000,889 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp-auctions.xml
[2010/04/02 02:17:08 | 000,000,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp.xml

O1 HOSTS File: ([2009/06/11 06:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: イメージを Bluetooth デバイスに送信(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: ページを Bluetooth デバイスに送信(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: このコンテンツを引用 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer でこのコンテンツに関する記事を書く(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/11 01:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1640d487-2094-11df-9f7d-00269ed98ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{1640d487-2094-11df-9f7d-00269ed98ce7}\Shell\AutoRun\command - "" = E:\launcher.exe -- File not found
O33 - MountPoints2\{b2af0d46-050b-11df-b388-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2af0d46-050b-11df-b388-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/11 06:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 11:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\Malwarebytes
[2010/05/23 23:35:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 23:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/23 23:35:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/23 23:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/20 13:32:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/19 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2010/05/19 17:18:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\Update
[2010/05/19 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\Mozilla
[2010/05/19 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Local\Mozilla
[2010/05/19 12:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/19 08:38:26 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/19 02:48:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/18 15:34:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\Tracing
[2010/05/18 14:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/15 20:24:18 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/04 00:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/04 00:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 13:11:20 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/02 13:11:19 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/02 13:11:14 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/02 13:11:05 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/02 13:10:55 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/02 13:10:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/02 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/28 14:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 14:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\River Software
[2010/04/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\cYo
[2010/04/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Local\cYo
[2010/04/26 21:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack
[2010/04/26 10:37:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\Documents\Theories of War and Peace copy
[2010/04/25 09:51:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\Documents\GP Tabs
[2010/04/25 09:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
[2010/04/25 08:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2010/05/24 11:33:57 | 002,359,296 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat
[2010/05/24 10:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 09:43:40 | 060,315,615 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/24 09:02:36 | 000,003,249 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Kaspersky Report.html
[2010/05/24 06:27:52 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 06:27:52 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 06:18:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 06:18:16 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 06:16:38 | 001,801,192 | -H-- | M] () -- C:\Users\Ryan N Kelley\AppData\Local\IconCache.db
[2010/05/20 21:19:44 | 001,572,085 | ---- | M] () -- C:\Users\Ryan N Kelley\Desktop\1274357740129.jpg
[2010/05/20 21:09:28 | 000,993,399 | ---- | M] () -- C:\Users\Ryan N Kelley\Desktop\020.JPG
[2010/05/20 13:32:22 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/05/20 13:32:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/05/20 13:31:48 | 180,732,072 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/19 15:10:10 | 172,785,396 | ---- | M] () -- C:\Users\Ryan N Kelley\Desktop\t_reddeadr_vr_mvf4_gt_hd.wmv
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/19 14:25:51 | 000,008,487 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\VirtuaNES.ini
[2010/05/19 11:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000002.regtrans-ms
[2010/05/19 11:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 11:42:22 | 000,065,536 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TM.blf
[2010/05/14 06:18:37 | 001,199,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/14 06:18:37 | 000,609,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/14 06:18:37 | 000,386,112 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/05/14 06:18:37 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/05/14 06:18:37 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/13 14:01:02 | 000,011,621 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Square Numbers.docx
[2010/05/13 13:04:11 | 000,011,536 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\square explanation.docx
[2010/05/13 12:43:01 | 000,013,212 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\glint.ini
[2010/05/13 12:40:36 | 000,012,596 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Lawless Questions.docx
[2010/05/13 00:58:09 | 000,155,221 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Square-enix Financial Analysis.pptx
[2010/05/11 17:23:23 | 000,010,646 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\MBA Management.docx
[2010/05/08 10:11:33 | 000,012,160 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Outline.docx
[2010/05/07 14:27:42 | 000,014,894 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\I promised myself that I would write every day.docx
[2010/05/07 13:52:29 | 000,014,103 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\SquareEnix Report.docx
[2010/05/07 13:22:30 | 000,015,236 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Ryan Nathaniel Kelley Resume 10.5.6.docx
[2010/05/02 13:11:20 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/02 13:11:19 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/02 13:11:14 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/02 13:11:05 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/02 13:10:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/02 13:10:55 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 06:01:01 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/25 09:48:23 | 000,114,616 | ---- | M] () -- C:\Users\Ryan N Kelley\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/05/24 09:02:36 | 000,003,249 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Kaspersky Report.html
[2010/05/20 21:19:44 | 001,572,085 | ---- | C] () -- C:\Users\Ryan N Kelley\Desktop\1274357740129.jpg
[2010/05/20 21:09:25 | 000,993,399 | ---- | C] () -- C:\Users\Ryan N Kelley\Desktop\020.JPG
[2010/05/20 13:31:48 | 180,732,072 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/19 17:30:29 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/05/19 17:30:14 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/05/19 15:06:25 | 172,785,396 | ---- | C] () -- C:\Users\Ryan N Kelley\Desktop\t_reddeadr_vr_mvf4_gt_hd.wmv
[2010/05/19 14:28:27 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/19 14:28:27 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/19 11:34:04 | 000,524,288 | -HS- | C] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000002.regtrans-ms
[2010/05/19 11:34:03 | 000,524,288 | -HS- | C] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 11:34:02 | 000,065,536 | -HS- | C] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TM.blf
[2010/05/13 13:04:10 | 000,011,536 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\square explanation.docx
[2010/05/13 00:58:33 | 000,011,621 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Square Numbers.docx
[2010/05/13 00:35:28 | 000,155,221 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Square-enix Financial Analysis.pptx
[2010/05/12 22:48:48 | 000,012,596 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Lawless Questions.docx
[2010/05/11 17:23:22 | 000,010,646 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\MBA Management.docx
[2010/05/08 10:11:32 | 000,012,160 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Outline.docx
[2010/05/07 13:52:28 | 000,014,103 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\SquareEnix Report.docx
[2010/05/07 13:22:29 | 000,015,236 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Ryan Nathaniel Kelley Resume 10.5.6.docx
[2010/05/02 13:10:55 | 060,315,615 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/02 13:10:55 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 22:40:01 | 000,014,894 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\I promised myself that I would write every day.docx
[2010/01/20 00:16:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/01/20 00:11:58 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SM37XCoInst.dll
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 06:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 10:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/21 15:20:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/11 06:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/24 06:18:16 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/24 06:18:18 | 1877,393,408 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 17:30:47 | 000,000,006 | ---- | M] () -- C:\SISHashTodo
[2010/03/27 17:30:47 | 000,000,610 | ---- | M] () -- C:\SISTodo

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /180 >
[2009/12/02 02:50:03 | 000,274,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2010/05/02 13:11:05 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/02 13:10:55 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/02 13:11:19 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/02 13:11:14 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/19 12:07:42 | 000,516,152 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys
[2009/12/11 16:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/27 16:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/27 16:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/27 16:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/01/20 00:32:32 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\drivers\psadd.sys
[2009/12/08 17:05:40 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/08 17:05:09 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/11/25 16:37:18 | 000,230,576 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010/03/03 03:20:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2009/12/04 15:51:10 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/12/04 15:51:54 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys

========== Files - Unicode (All) ==========
[2010/05/13 07:56:19 | 002,011,240 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\?????.pptx) -- C:\Users\Ryan N Kelley\Documents\普天間発表.pptx
[2010/05/11 16:29:26 | 000,011,212 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持出来ない副文献.docx
[2010/05/11 16:29:24 | 000,011,212 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持出来ない副文献.docx
[2010/05/11 16:10:12 | 000,013,104 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????????·?????·????·???.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持できない・単語シート・ライアン・ケリー.docx
[2010/05/11 16:10:10 | 000,013,104 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????????·?????·????·???.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持できない・単語シート・ライアン・ケリー.docx
[2010/05/10 10:34:07 | 002,011,240 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\?????.pptx) -- C:\Users\Ryan N Kelley\Documents\普天間発表.pptx
[2010/05/08 10:11:39 | 000,025,305 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????????????2????.docx) -- C:\Users\Ryan N Kelley\Documents\米軍は日本から引き揚げると見る2つの根拠.docx
[2010/05/07 17:01:16 | 000,025,305 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????????????2????.docx) -- C:\Users\Ryan N Kelley\Documents\米軍は日本から引き揚げると見る2つの根拠.docx
[2010/04/28 09:43:14 | 000,012,131 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\?????????.docx) -- C:\Users\Ryan N Kelley\Documents\原発バブルと民主党.docx
[2010/04/27 12:46:09 | 000,012,131 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\?????????.docx) -- C:\Users\Ryan N Kelley\Documents\原発バブルと民主党.docx
[2010/04/26 21:26:41 | 000,032,731 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\?????????????.docx) -- C:\Users\Ryan N Kelley\Documents\『財務諸表の読み方』の概要.docx
[2010/04/19 14:34:03 | 000,013,374 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????·????????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書の分析.docx
[2010/04/19 12:57:49 | 000,119,924 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????.pptx) -- C:\Users\Ryan N Kelley\Documents\パナソニック株式会社分析.pptx
[2010/04/19 10:40:53 | 000,119,924 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????.pptx) -- C:\Users\Ryan N Kelley\Documents\パナソニック株式会社分析.pptx
[2010/04/19 10:33:19 | 000,011,112 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????·???????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書比較.docx
[2010/04/19 10:33:18 | 000,011,112 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????·???????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書比較.docx
[2010/04/19 07:20:17 | 000,013,374 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????·????????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書の分析.docx
[2010/04/19 06:38:40 | 000,187,412 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????.pdf) -- C:\Users\Ryan N Kelley\Documents\パナソニック.pdf
[2010/04/19 06:38:40 | 000,187,412 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????.pdf) -- C:\Users\Ryan N Kelley\Documents\パナソニック.pdf
[2010/04/15 10:02:17 | 000,011,413 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????????·????.docx) -- C:\Users\Ryan N Kelley\Documents\「学生の声」ライアン・ケリー編.docx
[2010/04/15 10:02:16 | 000,011,413 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????????·????.docx) -- C:\Users\Ryan N Kelley\Documents\「学生の声」ライアン・ケリー編.docx
[2010/04/09 07:58:00 | 000,011,973 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???·???????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー・研究目的の提示.docx
[2010/04/09 07:57:58 | 000,011,973 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???·???????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー・研究目的の提示.docx
[2010/04/06 08:53:38 | 000,000,162 | -H-- | M] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$中根知恵.docx
[2010/04/06 08:53:38 | 000,000,162 | -H-- | C] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$中根知恵.docx
[2010/04/06 08:53:37 | 000,012,013 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\中根知恵.docx
[2010/04/06 08:53:33 | 000,012,013 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\中根知恵.docx
[2010/04/05 13:13:18 | 000,032,731 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\?????????????.docx) -- C:\Users\Ryan N Kelley\Documents\『財務諸表の読み方』の概要.docx
[2010/04/02 16:08:09 | 000,011,199 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\財務諸表.docx
[2010/04/02 16:08:09 | 000,000,162 | -H-- | M] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$財務諸表.docx
[2010/04/02 16:08:09 | 000,000,162 | -H-- | C] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$財務諸表.docx
[2010/04/02 16:08:08 | 000,011,199 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\財務諸表.docx
[2010/04/02 11:31:53 | 000,011,398 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\証券発行を希望している会社はまず投資機関に相談し.docx
[2010/04/02 11:31:51 | 000,011,398 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\証券発行を希望している会社はまず投資機関に相談し.docx
[2010/04/02 10:06:18 | 000,011,826 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·??1.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリ1.docx
[2010/04/02 10:06:16 | 000,011,826 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·??1.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリ1.docx
[2010/04/02 09:54:21 | 000,012,066 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???????????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー「お勧めの場所」.docx
[2010/04/02 09:54:17 | 000,012,066 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???????????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー「お勧めの場所」.docx
[2010/04/02 09:51:34 | 000,012,066 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー.docx
[2010/04/02 08:19:23 | 000,012,066 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー.docx
[2010/03/31 09:47:21 | 000,012,929 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー待遇表現・応用練習152ページ.docx
[2010/03/31 09:47:19 | 000,012,929 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー待遇表現・応用練習152ページ.docx
[2010/03/31 09:47:08 | 000,012,929 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\待遇表現・応用練習152ページ.docx
[2010/03/31 08:00:45 | 000,012,929 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\待遇表現・応用練習152ページ.docx
[2010/03/29 16:43:21 | 000,084,750 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·??????10?3?.pdf) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー履歴書10年3月.pdf
[2010/03/29 16:43:21 | 000,084,750 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·??????10?3?.pdf) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー履歴書10年3月.pdf
[2010/03/29 16:23:45 | 000,084,693 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????.pdf) -- C:\Users\Ryan N Kelley\Documents\履歴書一般模範.pdf
[2010/03/29 16:23:45 | 000,084,693 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????.pdf) -- C:\Users\Ryan N Kelley\Documents\履歴書一般模範.pdf
[2010/03/29 15:56:55 | 000,011,199 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????.docx) -- C:\Users\Ryan N Kelley\Documents\会計学の授業.docx
[2010/03/29 15:56:53 | 000,011,199 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????.docx) -- C:\Users\Ryan N Kelley\Documents\会計学の授業.docx
[2010/03/09 10:50:54 | 000,000,000 | ---D | M](C:\Users\Ryan N Kelley\Documents\??) -- C:\Users\Ryan N Kelley\Documents\写真
[2010/03/09 10:39:55 | 000,000,000 | ---D | C](C:\Users\Ryan N Kelley\Documents\??) -- C:\Users\Ryan N Kelley\Documents\写真
[2010/03/09 10:15:15 | 000,000,000 | ---D | M](C:\Users\Ryan N Kelley\Documents\????·??3??) -- C:\Users\Ryan N Kelley\Documents\政治経済・教材3学期
[2010/03/09 10:08:11 | 000,000,000 | ---D | C](C:\Users\Ryan N Kelley\Documents\????·??3??) -- C:\Users\Ryan N Kelley\Documents\政治経済・教材3学期
[2010/03/08 14:22:58 | 000,027,169 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????·?????.odt) -- C:\Users\Ryan N Kelley\Documents\デフレ地獄脱出への処方箋・予習シート.odt
[2010/03/04 10:12:44 | 000,027,169 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????·?????.odt) -- C:\Users\Ryan N Kelley\Documents\デフレ地獄脱出への処方箋・予習シート.odt
[2010/03/02 12:39:25 | 126,318,468 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム②.wmv
[2010/02/26 12:58:42 | 076,170,946 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム①.wmv
[2010/02/23 23:29:41 | 000,000,000 | -HSD | M](C:\Users\Ryan N Kelley\???? ????) -- C:\Users\Ryan N Kelley\スタート メニュー
[2010/02/23 23:27:39 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2010/02/23 23:27:39 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2010/01/20 00:50:10 | 000,000,020 | ---- | M] ()(C:\Windows\??) -- C:\Windows\ィ
[2010/01/20 00:50:10 | 000,000,020 | ---- | C] ()(C:\Windows\??) -- C:\Windows\ィ
[2007/12/17 15:47:42 | 126,318,468 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム②.wmv
[2007/12/17 14:55:03 | 076,170,946 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム①.wmv
(C:\Users\Ryan N Kelley\???? ????) -- C:\Users\Ryan N Kelley\スタート メニュー
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー

< End of report >

OTL Extras:

OTL Extras logfile created on: 2010/05/24 11:30:49 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ryan N Kelley\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000411 | Country: 米国 | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 86.78 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

Computer Name: RYANNKELLEY
Current User Name: Ryan N Kelley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}" = ThinkPad Wireless LAN Adapter Software
"{03307ADB-5DCC-44B2-4A6E-DEF5FBDEBF8F}" = Catalyst Control Center Graphics Full New
"{09D12A04-7868-7E7A-FBEE-2D8B84A0CEC1}" = ccc-core-static
"{13EDE453-1B5D-C894-399C-6F97B8F5AABD}" = CCC Help English
"{174E7E6E-EE32-E978-1775-7354B4BB708E}" = CCC Help Portuguese
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav ???????
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{1E0BAB0C-62D6-050E-0F03-300D49C4367A}" = Catalyst Control Center Localization All
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live アップロード ツール
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{283276C7-67EF-4EE4-8663-E46013148330}" = Windows Live サインイン アシスタント
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B3FC7F2-B03D-5317-BC39-28E424D560DE}" = CCC Help Italian
"{35EF2C07-76FE-4CD6-9648-07001437ED3D}" = iTuner
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{449F6C53-3BDE-7CFA-442B-86FEEC99BE40}" = Catalyst Control Center Graphics Full Existing
"{457C231F-853D-4FB6-8E8D-72B73A113637}" = Windows Live Messenger
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage ハードディスク・アクティブプロテクション・システム
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6672CCD8-3F97-C941-316D-2ADD845C2806}" = CCC Help German
"{67CC1309-4B7B-8E02-05F4-24893D7E2695}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AD782EA-43B4-0FE7-0D66-BED8FA74B4D7}" = CCC Help Russian
"{76CAAA8A-8DFB-608B-ADB5-0BF970F51816}" = CCC Help Chinese Standard
"{78FD9D18-8EF1-5B9D-04D4-4B3AA0EF91EF}" = CCC Help Thai
"{7A6DF1F2-CD27-7B7D-5D38-3EF996C4BA09}" = CCC Help Norwegian
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8644F312-3393-423A-89CB-250C0FE58C09}" = Windows Live メール
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89E3D86B-F03E-4956-20BB-FC63C57EE600}" = Catalyst Control Center Core Implementation
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C050D9C-3C82-EB28-3E42-DB750646ED58}" = CCC Help Swedish
"{8CDAA241-56BA-2753-159E-D94A331C857B}" = CCC Help Polish
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90FD3224-976C-42AE-AFD1-69F91D4915DF}" = Windows Live ムービー メーカー
"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96514462-396E-58AB-E7D8-40E68DF0540E}" = CCC Help Danish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974321BB-4C1B-E2DD-8681-9299A0612220}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0288703-7C15-BB9C-67F4-87BD77254B5B}" = CCC Help Hungarian
"{AA4BB734-4ECD-ED8E-CDF6-9B46A7EA4723}" = CCC Help Dutch
"{AA771B73-87FD-176A-080D-CB7B565B9D02}" = CCC Help Japanese
"{AC76BA86-7AD7-1041-7B44-A93000000001}" = Adobe Reader 9.3.2 - Japanese
"{AEDA8B17-9571-4839-9240-F93E41198E19}" = Windows Live Sync
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B8ED7934-A409-485D-8A9B-B6E13FD70649}" = Windows Live おすすめパック
"{B9CF1C2E-6B3C-409C-A12B-836DAFC18059}" = Windows Live フォト ギャラリー
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4C6D61E-812A-7D27-1253-8DC94BC2949C}" = ATI Catalyst Install Manager
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CF45FA39-F1DF-68F3-8D58-376FAA730B82}" = Catalyst Control Center InstallProxy
"{D0CFEF60-D6C3-6B73-3942-39F1996C2590}" = CCC Help French
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D54B026D-BBEC-F673-F6AF-01E70DCA8AC7}" = CCC Help Czech
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DA30454E-6F71-352B-E9D8-587D27A29167}" = CCC Help Chinese Traditional
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad È“d—̓}ƒl[ƒWƒƒ[
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC40CFB8-D427-2369-035B-3C687136189D}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE0693CF-56A7-F290-C26C-908CA6CB1852}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2091915-62C0-8B8C-CDAE-E25DCC2671CF}" = ccc-utility
"{F7237FF7-DEF7-E05A-9695-404D02D48739}" = Catalyst Control Center Graphics Previews Vista
"{F744737E-97E7-4C9E-AC96-C986B189E410}" = Windows Live Toolbar
"{F964875D-648A-E867-9158-C2EFA46DCF67}" = CCC Help Korean
"{FC05D86B-2D16-477D-A3D2-7D12970583D0}" = Windows Live Writer
"{FD0F6896-7BAF-7D9C-A6A9-A50B8854F8E4}" = CCC Help Spanish
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera
"{FF7DB6B3-1288-4A82-A42A-14F76420DC42}" = Windows Live Call
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows ドライバ パッケージ - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Anki" = Anki
"ATI Uninstaller" = ATI Uninstaller
"AVG9Uninstall" = AVG 9.0
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Chipamp" = Chipamp
"CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD
"ComicRack" = ComicRack v0.9.119
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLAC" = FLAC 1.2.1b (remove only)
"GOM Player" = GOM PLAYER
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.05
"InFlac" = InFlac 1.1.1
"JDownloader" = JDownloader
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OnScreenDisplay" = オン スクリーン表示
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PowerISO" = PowerISO
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.88
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"Wakan" = Wakan 1.67
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live おすすめパック
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010/05/17 19:27:16 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11996

Error - 2010/05/17 19:27:16 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11996

Error - 2010/05/17 19:27:18 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2010/05/17 19:27:18 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13151

Error - 2010/05/17 19:27:18 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13151

Error - 2010/05/17 19:27:19 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2010/05/17 19:27:19 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14367

Error - 2010/05/17 19:27:19 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14367

Error - 2010/05/17 19:27:20 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2010/05/17 19:27:20 | Computer Name = RyanNKelley | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15740

[ OSession Events ]
Error - 2010/04/05 19:54:34 | Computer Name = RyanNKelley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 70926
seconds with 5940 seconds of active time. This session ended with a crash.

Error - 2010/05/12 10:21:16 | Computer Name = RyanNKelley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 42991
seconds with 2340 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010/05/15 7:03:31 | Computer Name = RyanNKelley | Source = Service Control Manager | ID = 7026
Description = ?????????????????????????????????????: cdrom

Error - 2010/05/18 0:16:02 | Computer Name = RyanNKelley | Source = Service Control Manager | ID = 7011
Description = Wlansvc ???????????????????????????? (30000 ???) ???????

Error - 2010/05/18 20:11:08 | Computer Name = RyanNKelley | Source = Service Control Manager | ID = 7026
Description = ?????????????????????????????????????: cdrom

Error - 2010/05/18 21:11:49 | Computer Name = RyanNKelley | Source = ACPI | ID = 327693
Description = : ??????????? (EC) ??????????????????????????EC ???????????????????????????BIOS
? EC ???????????????????????????????? BIOS ????????????????????????????????????????????????????????????????????

Error - 2010/05/18 21:11:50 | Computer Name = RyanNKelley | Source = Service Control Manager | ID = 7026
Description = ?????????????????????????????????????: cdrom

Error - 2010/05/18 21:12:23 | Computer Name = RyanNKelley | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2010/05/18 21:16:35 | Computer Name = RyanNKelley | Source = DCOM | ID = 10016
Description =

Error - 2010/05/18 21:16:37 | Computer Name = RyanNKelley | Source = DCOM | ID = 10016
Description =

Error - 2010/05/18 21:16:40 | Computer Name = RyanNKelley | Source = DCOM | ID = 10016
Description =

Error - 2010/05/18 21:16:40 | Computer Name = RyanNKelley | Source = DCOM | ID = 10016
Description =


< End of report >

GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 11:59:33
Windows 6.1.7600
Running: 4dhjsehq.exe; Driver: C:\Users\RYANNK~1\AppData\Local\Temp\pflyiaow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83415634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83415898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8348D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\vrisqqb.sys ???????????????? !
.rsrc C:\Windows\System32\drivers\discache.sys entry point in ".rsrc" section [0x8E3CD014]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FA2E000, 0x2CC244, 0xE8000020]
.text peauth.sys 99A96C9D 28 Bytes [55, BA, 55, B4, 28, 52, 4A, ...]
.text peauth.sys 99A96CC1 28 Bytes [55, BA, 55, B4, 28, 52, 4A, ...]
.text autochk.exe 00691204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0069120C 1 Byte [00]
.text autochk.exe 00691210 1 Byte [00]
.text autochk.exe 00691214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 00691218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 77655360 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtWriteVirtualMemory 77655EE0 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!KiUserExceptionDispatcher 77656448 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1392] ole32.dll!CoCreateInstance 75F257FC 5 Bytes JMP 0066000A
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!GetCursorPos 7776C198 5 Bytes JMP 005D000A
.text C:\Windows\Explorer.EXE[2636] ntdll.dll!NtProtectVirtualMemory 77655360 5 Bytes JMP 0052000A
.text C:\Windows\Explorer.EXE[2636] ntdll.dll!NtWriteVirtualMemory 77655EE0 5 Bytes JMP 0053000A
.text C:\Windows\Explorer.EXE[2636] ntdll.dll!KiUserExceptionDispatcher 77656448 5 Bytes JMP 0051000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5960] ntdll.dll!NtProtectVirtualMemory 77655360 5 Bytes JMP 0063000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5960] ntdll.dll!NtWriteVirtualMemory 77655EE0 5 Bytes JMP 006C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5960] ntdll.dll!KiUserExceptionDispatcher 77656448 5 Bytes JMP 0060000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[3552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3552] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3552] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3552] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3552] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3612] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3612] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3612] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3612] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT c:\Program Files\Lenovo\System Update\SUService.exe[3984] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT c:\Program Files\Lenovo\System Update\SUService.exe[3984] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT c:\Program Files\Lenovo\System Update\SUService.exe[3984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT c:\Program Files\Lenovo\System Update\SUService.exe[3984] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT c:\Program Files\Lenovo\System Update\SUService.exe[3984] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)
IAT c:\Program Files\Lenovo\System Update\SUService.exe[3984] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [756C5E25] C:\Windows\system32\apphelp.dll (?????????????????? ?????/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (???? ??? ????? ??????? ?????/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (???? ??? ????? ??????? ?????/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8668DCEC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth \x30c7\x30d0\x30a4\x30b9 (RFCOMM \x30d7\x30ed\x30c8\x30b3\x30eb TDI) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth \x30c7\x30d0\x30a4\x30b9 (\x30d1\x30fc\x30bd\x30ca\x30eb \x30a8\x30ea\x30a2 \x30cd\x30c3\x30c8\x30ef\x30fc\x30af) 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313c47442
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth \x30c7\x30d0\x30a4\x30b9 (RFCOMM \x30d7\x30ed\x30c8\x30b3\x30eb TDI) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth \x30c7\x30d0\x30a4\x30b9 (\x30d1\x30fc\x30bd\x30ca\x30eb \x30a8\x30ea\x30a2 \x30cd\x30c3\x30c8\x30ef\x30fc\x30af) 1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313c47442 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Ryan N Kelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (\x30bb\x30fc\x30d5\x30e2\x30fc\x30c9).lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (\x30bb\x30fc\x30d5\x30e2\x30fc\x30c9).lnk 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\discache.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



Thank you for your help.

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#5
masterisosceles

    New Member

  • Topic Starter
  • Member
  • 6 posts
SweetTech,

Here is the combofix log report:

ComboFix 10-05-24.03 - Ryan N Kelley 05/25/2010 5:41.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1041.18.1790.801 [GMT 9:00]
Running from: c:\users\Ryan N Kelley\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db
Q:\Autorun.inf

Infected copy of c:\windows\system32\drivers\discache.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-24 20:55 . 2010-05-24 20:55 -------- d-----w- C:\Device
2010-05-24 20:53 . 2010-05-24 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-24 20:30 . 2010-05-24 20:31 -------- d-----w- C:\32788R22FWJFW
2010-05-24 14:47 . 2010-05-24 14:46 39424 ----a-w- c:\users\winadmin-setup.exe
2010-05-23 14:36 . 2010-05-23 14:36 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\Malwarebytes
2010-05-23 14:35 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 14:35 . 2010-05-23 14:35 -------- d-----w- c:\programdata\Malwarebytes
2010-05-23 14:35 . 2010-05-23 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 14:35 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 08:29 . 2010-05-19 08:29 -------- d-----w- c:\programdata\PC-Doctor for Windows
2010-05-19 08:18 . 2010-05-19 08:30 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\Update
2010-05-19 03:54 . 2010-05-19 03:54 -------- d-----w- c:\users\Ryan N Kelley\AppData\Local\Mozilla
2010-05-18 23:38 . 2010-05-18 23:38 -------- d-----w- C:\$AVG
2010-05-18 17:48 . 2010-05-18 17:48 -------- d-----w- c:\windows\Sun
2010-05-18 06:34 . 2010-05-19 01:12 -------- d-----w- c:\users\Ryan N Kelley\Tracing
2010-05-18 05:13 . 2010-05-18 05:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-05-15 11:24 . 2010-05-19 05:28 -------- d-----w- C:\Games
2010-05-12 21:22 . 2010-04-12 08:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-11 21:32 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-07 19:46 . 2010-05-07 19:46 655872 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcr90.dll
2010-05-07 19:46 . 2010-05-07 19:46 572928 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcp90.dll
2010-05-07 19:46 . 2010-05-07 19:46 27136 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
2010-05-07 19:46 . 2010-05-07 19:46 24064 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\CommandLine.dll
2010-05-07 19:46 . 2010-05-07 19:46 225280 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcm90.dll
2010-05-07 19:46 . 2010-05-07 19:46 1768960 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\Common.dll
2010-05-03 15:19 . 2010-05-03 15:19 -------- d-----w- c:\program files\iPod
2010-05-03 15:19 . 2010-05-03 15:20 -------- d-----w- c:\program files\iTunes
2010-05-03 15:07 . 2010-05-03 15:07 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 04:27 . 2010-05-02 04:27 4710 ----a-r- c:\users\Ryan N Kelley\AppData\Roaming\Microsoft\Installer\{35EF2C07-76FE-4CD6-9648-07001437ED3D}\_06D189188746F24FB2931E.exe
2010-05-02 04:27 . 2010-05-02 04:27 2550 ----a-r- c:\users\Ryan N Kelley\AppData\Roaming\Microsoft\Installer\{35EF2C07-76FE-4CD6-9648-07001437ED3D}\_A3ED264C7BD8D9D4BC7EEF.exe
2010-05-02 04:27 . 2010-05-02 04:27 2550 ----a-r- c:\users\Ryan N Kelley\AppData\Roaming\Microsoft\Installer\{35EF2C07-76FE-4CD6-9648-07001437ED3D}\_6FEFF9B68218417F98F549.exe
2010-05-02 04:11 . 2010-05-02 04:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-02 04:11 . 2010-05-02 04:11 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-02 04:11 . 2010-05-02 04:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-02 04:11 . 2010-05-02 04:11 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-02 04:10 . 2010-05-24 11:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-02 04:10 . 2010-05-02 04:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-02 04:10 . 2010-05-02 04:10 -------- d-----w- c:\programdata\avg9
2010-04-28 05:40 . 2010-04-28 05:40 -------- d-----w- c:\program files\Bonjour
2010-04-28 05:09 . 2010-04-28 05:09 -------- d-----w- c:\program files\River Software
2010-04-28 00:23 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 00:23 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 12:32 . 2010-04-26 12:32 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\cYo
2010-04-26 12:32 . 2010-04-26 12:32 -------- d-----w- c:\users\Ryan N Kelley\AppData\Local\cYo
2010-04-26 12:30 . 2010-04-26 12:30 -------- d-----w- c:\program files\ComicRack
2010-04-25 00:47 . 2010-04-25 00:48 -------- d-----w- c:\program files\Guitar Pro 5
2010-04-24 23:51 . 2010-04-24 23:51 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 20:46 . 2010-01-20 07:59 386112 ----a-w- c:\windows\system32\perfh011.dat
2010-05-24 20:46 . 2010-01-20 07:59 103702 ----a-w- c:\windows\system32\perfc011.dat
2010-05-24 20:28 . 2010-02-23 15:48 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\uTorrent
2010-05-24 20:27 . 2010-03-02 14:52 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\dvdcss
2010-05-24 06:52 . 2010-02-23 16:21 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\vlc
2010-05-24 03:00 . 2010-02-23 15:42 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\.anki
2010-05-19 08:41 . 2010-01-19 15:32 -------- d-----w- c:\program files\PC-Doctor
2010-05-19 08:40 . 2010-01-19 15:32 -------- d-----w- c:\programdata\PCDr
2010-05-19 02:31 . 2010-01-20 07:46 -------- d-----w- c:\programdata\Lenovo
2010-05-19 02:31 . 2010-01-19 15:41 -------- d-----w- c:\program files\Windows Live
2010-05-19 02:31 . 2010-01-19 15:43 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-05-19 02:31 . 2010-01-19 15:26 -------- d-----w- c:\program files\Microsoft
2010-05-17 23:17 . 2010-03-07 23:31 -------- d-----w- c:\program files\Winamp
2010-05-12 21:21 . 2010-01-19 15:27 -------- d-----w- c:\program files\Java
2010-05-12 18:01 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-05 22:45 . 2010-03-01 13:27 -------- d-----w- c:\program files\JDownloader
2010-05-05 22:36 . 2010-02-23 23:22 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\Apple Computer
2010-05-05 14:44 . 2010-02-23 16:55 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\Skype
2010-05-05 12:41 . 2010-03-21 15:50 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\skypePM
2010-05-03 15:19 . 2010-02-23 23:17 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 04:20 . 2010-03-27 09:10 -------- d-----w- c:\program files\Opera
2010-05-02 04:10 . 2010-03-25 01:36 -------- d-----w- c:\program files\AVG
2010-05-02 03:37 . 2010-03-21 01:42 -------- d-----w- c:\program files\Comical
2010-04-25 21:00 . 2010-02-23 15:48 -------- d-----w- c:\program files\uTorrent
2010-04-25 00:48 . 2010-02-23 14:36 114616 ----a-w- c:\users\Ryan N Kelley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-21 12:30 . 2010-04-21 12:30 -------- d-----w- c:\program files\VS Revo Group
2010-04-08 04:20 . 2010-04-08 04:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 04:20 . 2010-04-08 04:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 00:23 . 2010-04-07 00:23 67584 ----a-w- c:\programdata\MotioninJoy\DS3tool\update\DS3_Tool.exe
2010-04-07 00:23 . 2010-04-07 00:23 17408 ----a-w- c:\programdata\MotioninJoy\DS3tool\update\drivers\MijUfilt.sys
2010-04-07 00:23 . 2010-04-07 00:23 24576 ----a-w- c:\programdata\MotioninJoy\DS3tool\update\drivers\MijBThid.sys
2010-04-06 08:59 . 2010-04-06 08:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 04:25 . 2010-04-06 04:24 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-06 04:10 . 2010-04-06 04:06 -------- d-----w- c:\program files\QuickTime
2010-03-27 10:33 . 2010-03-27 10:33 -------- d-----w- c:\programdata\MotioninJoy
2010-03-27 10:22 . 2010-03-27 10:22 -------- d-----w- c:\users\Ryan N Kelley\AppData\Roaming\ATI
2010-03-27 10:22 . 2010-03-27 10:22 -------- d-----w- c:\programdata\ATI
2010-03-27 08:02 . 2010-02-23 14:32 -------- d-----w- c:\programdata\Norton
2010-03-21 15:50 . 2010-03-21 15:50 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-20 18:04 . 2010-02-23 22:19 1 ----a-w- c:\users\Ryan N Kelley\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-08 21:33 . 2010-04-14 04:01 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 18:20 . 2010-01-19 15:20 394600 ------w- c:\windows\PWMBTHLV.EXE
2010-03-02 18:20 . 2010-01-19 15:20 11552 ----a-w- c:\windows\system32\drivers\TPPWR32V.SYS
2010-02-27 12:07 . 2010-04-14 04:02 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 04:02 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 04:01 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 04:01 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 04:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 01:16 . 2010-03-27 08:17 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-11-16 487992]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-03-02 886120]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-25 1594664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Launch Backup Service Once"="c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe" [2009-08-28 21304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-03-02 75112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies ????;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-02 52872]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-02 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-02 242896]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-19 172032]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-02 308064]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
S2 TPHKSVC;?? ???????;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-30 175104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-02 204288]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-11-04 862208]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-04 27320]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-26 181248]

.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-05-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: ????? Bluetooth ???????(&B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: ???? Bluetooth ???????(&B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ryan N Kelley\AppData\Roaming\Mozilla\Firefox\Profiles\6f2ywr9q.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Locations\W*i*n*d*o*w*s* *ï0¤0ä0́0¹0 *µ0ü0Ó0¹0\AdptList\Adpt00]
"m_eAdptType"=dword:00000002
"m_szPnpId"="PCI\\VEN_10EC&DEV_8172&SUBSYS_E02010EC"
"m_szHomePage"="http://www.microsoft...=ie&ar=msnhome"
"m_szDefPrinter"="Microsoft XPS Document Writer"
"m_bDhcpEnabled"=dword:00000001
"m_vStaticIp"=hex:01,00,00,00,1c,00,00,00,31,00,39,00,32,00,2e,00,31,00,36,00,
38,00,2e,00,31,00,2e,00,31,00,30,00,37,00,00,00
"m_vSubnetMask"=hex:01,00,00,00,1c,00,00,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,32,00,35,00,35,00,2e,00,30,00,00,00
"m_szGatewayIp"=hex:01,00,00,00,18,00,00,00,31,00,39,00,32,00,2e,00,31,00,36,
00,38,00,2e,00,31,00,2e,00,31,00,00,00
"m_bDiscnntOnPrfSwitch"=dword:00000001
"m_eEncryCspUsed"=dword:00000003
"m_ePowerSaveMode"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Locations\W*i*n*d*o*w*s* *ï0¤0ä0́0¹0 *µ0ü0Ó0¹0\AdptList\Adpt00\BrowserPxySettings]
"m_bAutoDetect"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5876)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\JP\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2010-05-25 06:11:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 21:11

Pre-Run: 92,366,249,984 bytes free
Post-Run: 94,143,459,328 bytes free

- - End Of File - - 5C2568A1358247717F28E0794FBECBAE
  • 0
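The "Reg Loading Points" block above is the part of a ComboFix log a responder reads first: Run keys, the policies\system values, AppInit_DLLs and the boot/system-start drivers. The following is an added example for this thread, not ComboFix's own code or anything the helper posted: a small Python triage script that parses that block's format and flags the entries worth a second look. SAMPLE_LOG is constructed from the lines shown above; the `exampledrv` driver line is invented purely to exercise the driver check and does not exist on the poster's machine. The flags are review hints, not verdicts: avgrsstx.dll in AppInit_DLLs is AVG's own resident-shield hook and TpShocks.exe is Lenovo's, but "EnableLUA"= 0 does mean UAC is switched off on this machine, which is the one genuinely weak setting in the block.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.

Added example, not ComboFix's code. It parses the REGEDIT4-style key/value
lines and the S*/R* service lines ComboFix emits and returns the entries a
responder would look at first. SAMPLE_LOG is constructed from the log's
format; the 'exampledrv' line is invented only to exercise the driver check.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-02 52872]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-02 308064]
S1 exampledrv;Constructed sample driver;c:\programdata\exampledrv\exampledrv.sys [2010-05-01 12345]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# e.g.  S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-02 52872]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$")

# User-writable directories: an autorun entry living here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
EARLY_START = ("R0", "R1", "S0", "S1")  # boot / system start, i.e. kernel drivers


def parse_reg_loading_points(text):
    """Return (values, services): (key, name, raw data) tuples and service dicts."""
    values, services, current_key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4),
                             "date": m.group(5), "size": int(m.group(6))})
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.append((current_key, m.group(1), m.group(2).strip()))
    return values, services


def image_path(data):
    """Quoted image path of a Run value; '' for unquoted DWORD-style data."""
    if not data.startswith('"'):
        return ""
    end = data.find('"', 1)
    return data[1:end] if end > 0 else ""


def triage(text):
    """Return (severity, category, detail) findings in log order."""
    values, services = parse_reg_loading_points(text)
    findings = []
    for key, name, data in values:
        k = key.lower()
        if k.endswith("\\policies\\system") and name == "EnableLUA" and data.split()[:1] == ["0"]:
            # UAC is off: every process of an admin user already runs fully elevated.
            findings.append(("high", "UAC disabled", f"{name}={data}"))
        elif name.lower() == "appinit_dlls" and data:
            # Loaded into every process that links user32.dll; verify the publisher.
            findings.append(("medium", "AppInit_DLLs set", data))
        elif k.endswith("\\currentversion\\run"):
            path = image_path(data)
            if path and "\\" not in path:
                # Bare image name: resolved through the search path, so a
                # same-named file in an earlier directory would win.
                findings.append(("medium", "Run value without a directory", f"{name}={path}"))
            elif any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("medium", "Run value in user-writable location", f"{name}={path}"))
    for svc in services:
        if svc["start"] in EARLY_START and "\\system32\\drivers\\" not in svc["path"].lower():
            findings.append(("medium", "early-start driver outside system32\\drivers",
                             f"{svc['name']}={svc['path']}"))
    return findings


if __name__ == "__main__":
    for severity, category, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {category}: {detail}")
```

Run it as-is to see the four sample findings; feed it a real log by passing the text of the "Reg Loading Points" section to `triage()`. One related caveat when reading the rest of this thread: ComboFix moves what it removes into C:\Qoobox\Quarantine and renames the files with a .vir extension, so a later scanner hit on a path under Qoobox is a rescan of already-isolated material, not a live file.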

#6
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hello,

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
3. The log that was produced after running the ESET Online Virus Scanner.
4. The log that was produced after running the OTL scan.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
  • 0

#7
masterisosceles
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
2. Malwarebytes' Anti-Malware scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4140

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/25/2010 9:10:06 AM
mbam-log-2010-05-25 (09-10-06).txt

Scan type: Quick scan
Objects scanned: 126828
Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. The log that was produced after running the ESET Online Virus Scanner.
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\discache.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\Users\Ryan N Kelley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\532116bf-606bb2c4 Java/TrojanDownloader.Agent.AF trojan cleaned by deleting - quarantined
C:\Users\Ryan N Kelley\Downloads\Rosetta Stone 3.4.5 incl crack win-mac\Rosetta Stone v3.4.5.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan deleted - quarantined

4. The log that was produced after running the OTL scan.

OTL logfile created on: 2010/05/25 14:31:41 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Ryan N Kelley\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000411 | Country: United States (米国) | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 86.92 Gb Free Space | 39.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

Computer Name: RYANNKELLEY
Current User Name: Ryan N Kelley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan N Kelley\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Ryan N Kelley\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ryan N Kelley\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Windows\System32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Ryan N Kelley\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo.)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Driver Services (SafeList) ==========

DRV - (PCDSRVC{3037D694-FD904ACA-06020000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/jp/ja [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 12:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 12:54:01 | 000,000,000 | ---D | M]

[2010/05/19 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan N Kelley\AppData\Roaming\mozilla\Extensions
[2010/05/19 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan N Kelley\AppData\Roaming\mozilla\Firefox\Profiles\6f2ywr9q.default\extensions
[2010/05/19 12:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 02:17:08 | 000,001,842 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-jp.xml
[2010/04/02 02:17:08 | 000,002,630 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-jp.xml
[2010/04/02 02:17:08 | 000,001,269 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\oshiete-goo.xml
[2010/04/02 02:17:08 | 000,000,814 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\rakuten.xml
[2010/04/02 02:17:08 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ja.xml
[2010/04/02 02:17:08 | 000,000,889 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp-auctions.xml
[2010/04/02 02:17:08 | 000,000,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp.xml

O1 HOSTS File: ([2010/05/25 05:57:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: イメージを Bluetooth デバイスに送信(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: ページを Bluetooth デバイスに送信(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: このコンテンツを引用 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer でこのコンテンツに関する記事を書く(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 11:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/25 06:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Local\temp
[2010/05/25 05:57:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/05/25 05:55:03 | 000,000,000 | ---D | C] -- C:\Device
[2010/05/25 05:31:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/25 05:31:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/25 05:31:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/25 05:31:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/25 05:30:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/25 05:30:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/25 05:30:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/25 05:29:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/23 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\Malwarebytes
[2010/05/23 23:35:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 23:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/23 23:35:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/23 23:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/20 13:32:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/19 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2010/05/19 17:18:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\Update
[2010/05/19 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\Mozilla
[2010/05/19 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Local\Mozilla
[2010/05/19 12:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/19 08:38:26 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/19 02:48:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/18 15:34:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\Tracing
[2010/05/18 14:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/15 20:24:18 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/13 06:22:57 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/13 06:22:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/13 06:22:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/13 06:22:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/04 00:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/04 00:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 13:11:20 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/02 13:11:19 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/02 13:11:14 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/02 13:11:05 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/02 13:10:55 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/02 13:10:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/02 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/28 14:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 14:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\River Software
[2010/04/28 09:23:12 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/28 09:23:12 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Roaming\cYo
[2010/04/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\AppData\Local\cYo
[2010/04/26 21:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack
[2010/04/26 10:37:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan N Kelley\Documents\Theories of War and Peace copy

========== Files - Modified Within 30 Days ==========

[2010/05/25 14:37:48 | 002,359,296 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat
[2010/05/25 14:28:06 | 000,010,929 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Trojan Report 5.25.10.docx
[2010/05/25 14:21:11 | 000,000,746 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-866844561-1735434821-3606381178-1002UA.job
[2010/05/25 08:53:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 06:44:57 | 060,343,739 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/25 06:23:12 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 06:23:12 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 06:21:00 | 000,000,694 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-866844561-1735434821-3606381178-1002Core.job
[2010/05/25 06:03:13 | 000,609,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/25 06:03:13 | 000,386,112 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/05/25 06:03:13 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/05/25 06:03:12 | 001,199,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/25 06:03:12 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/25 05:58:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/25 05:57:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/25 05:56:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 05:56:02 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 05:27:01 | 003,696,466 | R--- | M] () -- C:\Users\Ryan N Kelley\Desktop\ComboFix.exe
[2010/05/24 13:46:59 | 001,804,254 | -H-- | M] () -- C:\Users\Ryan N Kelley\AppData\Local\IconCache.db
[2010/05/24 13:00:30 | 000,008,487 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\VirtuaNES.ini
[2010/05/24 09:02:36 | 000,003,249 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Kaspersky Report.html
[2010/05/20 21:19:44 | 001,572,085 | ---- | M] () -- C:\Users\Ryan N Kelley\Desktop\1274357740129.jpg
[2010/05/20 21:09:28 | 000,993,399 | ---- | M] () -- C:\Users\Ryan N Kelley\Desktop\020.JPG
[2010/05/20 13:32:22 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/05/20 13:32:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/05/20 13:31:48 | 180,732,072 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/19 15:10:10 | 172,785,396 | ---- | M] () -- C:\Users\Ryan N Kelley\Desktop\t_reddeadr_vr_mvf4_gt_hd.wmv
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/19 11:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000002.regtrans-ms
[2010/05/19 11:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 11:42:22 | 000,065,536 | -HS- | M] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TM.blf
[2010/05/13 14:01:02 | 000,011,621 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Square Numbers.docx
[2010/05/13 13:04:11 | 000,011,536 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\square explanation.docx
[2010/05/13 12:43:01 | 000,013,212 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\glint.ini
[2010/05/13 12:40:36 | 000,012,596 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Lawless Questions.docx
[2010/05/13 00:58:09 | 000,155,221 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Square-enix Financial Analysis.pptx
[2010/05/11 17:23:23 | 000,010,646 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\MBA Management.docx
[2010/05/08 10:11:33 | 000,012,160 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Outline.docx
[2010/05/07 14:27:42 | 000,014,894 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\I promised myself that I would write every day.docx
[2010/05/07 13:52:29 | 000,014,103 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\SquareEnix Report.docx
[2010/05/07 13:22:30 | 000,015,236 | ---- | M] () -- C:\Users\Ryan N Kelley\Documents\Ryan Nathaniel Kelley Resume 10.5.6.docx
[2010/05/02 13:11:20 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/02 13:11:19 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/02 13:11:14 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/02 13:11:05 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/02 13:10:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/02 13:10:55 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/26 06:01:01 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/05/25 14:27:59 | 000,010,929 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Trojan Report 5.25.10.docx
[2010/05/25 06:16:38 | 000,000,746 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-866844561-1735434821-3606381178-1002UA.job
[2010/05/25 06:16:33 | 000,000,694 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-866844561-1735434821-3606381178-1002Core.job
[2010/05/25 05:31:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/25 05:31:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/25 05:31:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/25 05:31:25 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/25 05:31:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/25 05:26:12 | 003,696,466 | R--- | C] () -- C:\Users\Ryan N Kelley\Desktop\ComboFix.exe
[2010/05/24 09:02:36 | 000,003,249 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Kaspersky Report.html
[2010/05/20 21:19:44 | 001,572,085 | ---- | C] () -- C:\Users\Ryan N Kelley\Desktop\1274357740129.jpg
[2010/05/20 21:09:25 | 000,993,399 | ---- | C] () -- C:\Users\Ryan N Kelley\Desktop\020.JPG
[2010/05/20 13:31:48 | 180,732,072 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/19 17:30:29 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/05/19 17:30:14 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/05/19 15:06:25 | 172,785,396 | ---- | C] () -- C:\Users\Ryan N Kelley\Desktop\t_reddeadr_vr_mvf4_gt_hd.wmv
[2010/05/19 14:28:27 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/19 14:28:27 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/19 11:34:04 | 000,524,288 | -HS- | C] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000002.regtrans-ms
[2010/05/19 11:34:03 | 000,524,288 | -HS- | C] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 11:34:02 | 000,065,536 | -HS- | C] () -- C:\Users\Ryan N Kelley\ntuser.dat{0f210e93-62ed-11df-9faf-00269ed98ce7}.TM.blf
[2010/05/13 13:04:10 | 000,011,536 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\square explanation.docx
[2010/05/13 00:58:33 | 000,011,621 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Square Numbers.docx
[2010/05/13 00:35:28 | 000,155,221 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Square-enix Financial Analysis.pptx
[2010/05/12 22:48:48 | 000,012,596 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Lawless Questions.docx
[2010/05/11 17:23:22 | 000,010,646 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\MBA Management.docx
[2010/05/08 10:11:32 | 000,012,160 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Outline.docx
[2010/05/07 13:52:28 | 000,014,103 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\SquareEnix Report.docx
[2010/05/07 13:22:29 | 000,015,236 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\Ryan Nathaniel Kelley Resume 10.5.6.docx
[2010/05/02 13:10:55 | 060,343,739 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/02 13:10:55 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 22:40:01 | 000,014,894 | ---- | C] () -- C:\Users\Ryan N Kelley\Documents\I promised myself that I would write every day.docx
[2010/01/20 00:16:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/01/20 00:11:58 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SM37XCoInst.dll
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 06:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 10:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/21 15:20:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/05/25 06:11:39 | 000,020,774 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 06:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/25 05:56:02 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/19 14:28:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/25 05:56:04 | 1877,393,408 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 17:30:47 | 000,000,006 | ---- | M] () -- C:\SISHashTodo
[2010/03/27 17:30:47 | 000,000,610 | ---- | M] () -- C:\SISTodo

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /180 >
[2009/12/02 02:50:03 | 000,274,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2010/05/02 13:11:05 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/02 13:10:55 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/02 13:11:19 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/02 13:11:14 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/19 12:07:42 | 000,516,152 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys
[2009/12/11 16:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/27 16:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/27 16:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/27 16:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/01/20 00:32:32 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\drivers\psadd.sys
[2009/12/08 17:05:40 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/08 17:05:09 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/03/03 03:20:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2009/12/04 15:51:10 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/12/04 15:51:54 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys

========== Files - Unicode (All) ==========
[2010/05/13 07:56:19 | 002,011,240 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\?????.pptx) -- C:\Users\Ryan N Kelley\Documents\普天間発表.pptx
[2010/05/11 16:29:26 | 000,011,212 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持出来ない副文献.docx
[2010/05/11 16:29:24 | 000,011,212 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持出来ない副文献.docx
[2010/05/11 16:10:12 | 000,013,104 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????????·?????·????·???.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持できない・単語シート・ライアン・ケリー.docx
[2010/05/11 16:10:10 | 000,013,104 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????????·?????·????·???.docx) -- C:\Users\Ryan N Kelley\Documents\見せかけの同盟はもう維持できない・単語シート・ライアン・ケリー.docx
[2010/05/10 10:34:07 | 002,011,240 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\?????.pptx) -- C:\Users\Ryan N Kelley\Documents\普天間発表.pptx
[2010/05/08 10:11:39 | 000,025,305 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????????????2????.docx) -- C:\Users\Ryan N Kelley\Documents\米軍は日本から引き揚げると見る2つの根拠.docx
[2010/05/07 17:01:16 | 000,025,305 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????????????2????.docx) -- C:\Users\Ryan N Kelley\Documents\米軍は日本から引き揚げると見る2つの根拠.docx
[2010/04/28 09:43:14 | 000,012,131 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\?????????.docx) -- C:\Users\Ryan N Kelley\Documents\原発バブルと民主党.docx
[2010/04/27 12:46:09 | 000,012,131 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\?????????.docx) -- C:\Users\Ryan N Kelley\Documents\原発バブルと民主党.docx
[2010/04/26 21:26:41 | 000,032,731 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\?????????????.docx) -- C:\Users\Ryan N Kelley\Documents\『財務諸表の読み方』の概要.docx
[2010/04/19 14:34:03 | 000,013,374 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????·????????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書の分析.docx
[2010/04/19 12:57:49 | 000,119,924 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????.pptx) -- C:\Users\Ryan N Kelley\Documents\パナソニック株式会社分析.pptx
[2010/04/19 10:40:53 | 000,119,924 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????.pptx) -- C:\Users\Ryan N Kelley\Documents\パナソニック株式会社分析.pptx
[2010/04/19 10:33:19 | 000,011,112 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????·???????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書比較.docx
[2010/04/19 10:33:18 | 000,011,112 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????·???????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書比較.docx
[2010/04/19 07:20:17 | 000,013,374 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????·????????.docx) -- C:\Users\Ryan N Kelley\Documents\パナソニック・損益計算書の分析.docx
[2010/04/19 06:38:40 | 000,187,412 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????.pdf) -- C:\Users\Ryan N Kelley\Documents\パナソニック.pdf
[2010/04/19 06:38:40 | 000,187,412 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????.pdf) -- C:\Users\Ryan N Kelley\Documents\パナソニック.pdf
[2010/04/15 10:02:17 | 000,011,413 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????????·????.docx) -- C:\Users\Ryan N Kelley\Documents\「学生の声」ライアン・ケリー編.docx
[2010/04/15 10:02:16 | 000,011,413 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????????·????.docx) -- C:\Users\Ryan N Kelley\Documents\「学生の声」ライアン・ケリー編.docx
[2010/04/09 07:58:00 | 000,011,973 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???·???????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー・研究目的の提示.docx
[2010/04/09 07:57:58 | 000,011,973 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???·???????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー・研究目的の提示.docx
[2010/04/06 08:53:38 | 000,000,162 | -H-- | M] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$中根知恵.docx
[2010/04/06 08:53:38 | 000,000,162 | -H-- | C] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$中根知恵.docx
[2010/04/06 08:53:37 | 000,012,013 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\中根知恵.docx
[2010/04/06 08:53:33 | 000,012,013 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\中根知恵.docx
[2010/04/05 13:13:18 | 000,032,731 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\?????????????.docx) -- C:\Users\Ryan N Kelley\Documents\『財務諸表の読み方』の概要.docx
[2010/04/02 16:08:09 | 000,011,199 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\財務諸表.docx
[2010/04/02 16:08:09 | 000,000,162 | -H-- | M] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$財務諸表.docx
[2010/04/02 16:08:09 | 000,000,162 | -H-- | C] ()(C:\Users\Ryan N Kelley\Documents\~$????.docx) -- C:\Users\Ryan N Kelley\Documents\~$財務諸表.docx
[2010/04/02 16:08:08 | 000,011,199 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????.docx) -- C:\Users\Ryan N Kelley\Documents\財務諸表.docx
[2010/04/02 11:31:53 | 000,011,398 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\証券発行を希望している会社はまず投資機関に相談し.docx
[2010/04/02 11:31:51 | 000,011,398 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????????????????.docx) -- C:\Users\Ryan N Kelley\Documents\証券発行を希望している会社はまず投資機関に相談し.docx
[2010/04/02 10:06:18 | 000,011,826 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·??1.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリ1.docx
[2010/04/02 10:06:16 | 000,011,826 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·??1.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリ1.docx
[2010/04/02 09:54:21 | 000,012,066 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???????????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー「お勧めの場所」.docx
[2010/04/02 09:54:17 | 000,012,066 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???????????.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー「お勧めの場所」.docx
[2010/04/02 09:51:34 | 000,012,066 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー.docx
[2010/04/02 08:19:23 | 000,012,066 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー.docx
[2010/03/31 09:47:21 | 000,012,929 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·???????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー待遇表現・応用練習152ページ.docx
[2010/03/31 09:47:19 | 000,012,929 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·???????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー待遇表現・応用練習152ページ.docx
[2010/03/31 09:47:08 | 000,012,929 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\待遇表現・応用練習152ページ.docx
[2010/03/31 08:00:45 | 000,012,929 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·????152???.docx) -- C:\Users\Ryan N Kelley\Documents\待遇表現・応用練習152ページ.docx
[2010/03/29 16:43:21 | 000,084,750 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????·??????10?3?.pdf) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー履歴書10年3月.pdf
[2010/03/29 16:43:21 | 000,084,750 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????·??????10?3?.pdf) -- C:\Users\Ryan N Kelley\Documents\ライアン・ケリー履歴書10年3月.pdf
[2010/03/29 16:23:45 | 000,084,693 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????.pdf) -- C:\Users\Ryan N Kelley\Documents\履歴書一般模範.pdf
[2010/03/29 16:23:45 | 000,084,693 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????.pdf) -- C:\Users\Ryan N Kelley\Documents\履歴書一般模範.pdf
[2010/03/29 15:56:55 | 000,011,199 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\??????.docx) -- C:\Users\Ryan N Kelley\Documents\会計学の授業.docx
[2010/03/29 15:56:53 | 000,011,199 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\??????.docx) -- C:\Users\Ryan N Kelley\Documents\会計学の授業.docx
[2010/03/09 10:50:54 | 000,000,000 | ---D | M](C:\Users\Ryan N Kelley\Documents\??) -- C:\Users\Ryan N Kelley\Documents\写真
[2010/03/09 10:39:55 | 000,000,000 | ---D | C](C:\Users\Ryan N Kelley\Documents\??) -- C:\Users\Ryan N Kelley\Documents\写真
[2010/03/09 10:15:15 | 000,000,000 | ---D | M](C:\Users\Ryan N Kelley\Documents\????·??3??) -- C:\Users\Ryan N Kelley\Documents\政治経済・教材3学期
[2010/03/09 10:08:11 | 000,000,000 | ---D | C](C:\Users\Ryan N Kelley\Documents\????·??3??) -- C:\Users\Ryan N Kelley\Documents\政治経済・教材3学期
[2010/03/08 14:22:58 | 000,027,169 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\????????????·?????.odt) -- C:\Users\Ryan N Kelley\Documents\デフレ地獄脱出への処方箋・予習シート.odt
[2010/03/04 10:12:44 | 000,027,169 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\????????????·?????.odt) -- C:\Users\Ryan N Kelley\Documents\デフレ地獄脱出への処方箋・予習シート.odt
[2010/03/02 12:39:25 | 126,318,468 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム②.wmv
[2010/02/26 12:58:42 | 076,170,946 | ---- | C] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム①.wmv
[2010/02/23 23:29:41 | 000,000,000 | -HSD | M](C:\Users\Ryan N Kelley\???? ????) -- C:\Users\Ryan N Kelley\スタート メニュー
[2010/02/23 23:27:39 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2010/02/23 23:27:39 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2010/01/20 00:50:10 | 000,000,020 | ---- | M] ()(C:\Windows\??) -- C:\Windows\ィ
[2010/01/20 00:50:10 | 000,000,020 | ---- | C] ()(C:\Windows\??) -- C:\Windows\ィ
[2007/12/17 15:47:42 | 126,318,468 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム②.wmv
[2007/12/17 14:55:03 | 076,170,946 | ---- | M] ()(C:\Users\Ryan N Kelley\Documents\???????.wmv) -- C:\Users\Ryan N Kelley\Documents\マネーゲーム①.wmv
(C:\Users\Ryan N Kelley\???? ????) -- C:\Users\Ryan N Kelley\スタート メニュー
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー

< End of report >

5. Computer seems to be running better, but browser (chrome) is still slow.

5. An update on how your computer is currently running.

#8 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    :Files
    C:\Users\Ryan N Kelley\Downloads\Rosetta Stone 3.4.5 incl crack win-mac\
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

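The two registry entries in the fix above were selected because OTL could not resolve their CLSIDs (the O2 line says "No CLSID value found", the O28 line "Key error. File not found"). The following PowerShell is an added example, not code from the thread or from OTL, that reproduces that check on a live machine: it enumerates the Browser Helper Objects and ShellExecuteHooks keys, looks each CLSID up under HKLM and HKCU Classes, and flags entries that have no class registration or whose InprocServer32 DLL is absent from disk. It is read-only and assumes it is run in an elevated PowerShell on the affected computer.

```powershell
# Added example (not from the original thread): audit O2 (BHO) and O28
# (ShellExecuteHooks) entries for unresolved CLSIDs and missing DLLs.
# Read-only; run elevated on the machine being examined.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$hookKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
)
# Class registrations can live in any of these; a per-user entry shadows HKLM.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Resolve-Clsid {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # InprocServer32's default value is the DLL that implements the object.
        $dll = (Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
        $dllPath = $null
        if ($dll) { $dllPath = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        return [pscustomobject]@{
            Registered = $true
            Name       = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            Dll        = $dllPath
            DllExists  = [bool]($dllPath -and (Test-Path -LiteralPath $dllPath))
        }
    }
    # No class registration anywhere: this is OTL's "No CLSID value found" case.
    [pscustomobject]@{ Registered = $false; Name = $null; Dll = $null; DllExists = $false }
}

function Get-ShellHookStatus {
    # BHOs are registered as subkeys named by CLSID.
    foreach ($k in ($bhoKeys | Where-Object { Test-Path -LiteralPath $_ })) {
        foreach ($sub in Get-ChildItem -LiteralPath $k) {
            $r = Resolve-Clsid $sub.PSChildName
            [pscustomobject]@{ Type = 'O2 BHO'; Clsid = $sub.PSChildName; Registered = $r.Registered
                               Name = $r.Name; Dll = $r.Dll; DllExists = $r.DllExists; Source = $k }
        }
    }
    # ShellExecuteHooks are registered as values named by CLSID under one key.
    foreach ($k in ($hookKeys | Where-Object { Test-Path -LiteralPath $_ })) {
        $names = (Get-Item -LiteralPath $k).GetValueNames() | Where-Object { $_ -like '{*}' }
        foreach ($n in $names) {
            $r = Resolve-Clsid $n
            [pscustomobject]@{ Type = 'O28 ShellExecuteHook'; Clsid = $n; Registered = $r.Registered
                               Name = $r.Name; Dll = $r.Dll; DllExists = $r.DllExists; Source = $k }
        }
    }
}

# Show only the entries a fix would target: unresolved CLSID, or DLL gone.
Get-ShellHookStatus |
    Where-Object { -not $_.Registered -or -not $_.DllExists } |
    Format-Table Type, Clsid, Registered, Name, Dll, DllExists -AutoSize
```

An unresolved CLSID is not proof of malware on its own; it can equally be a leftover from an uninstalled product. Before deleting anything, note the owning key, export it with `reg export` so the change can be reversed, and, where a DLL is still present, check its signature and hash rather than relying on the file name.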

#9 masterisosceles (Topic Starter, New Member, 6 posts)
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
C:\Users\Ryan N Kelley\Downloads\Rosetta Stone 3.4.5 incl crack win-mac\Crack\win folder moved successfully.
C:\Users\Ryan N Kelley\Downloads\Rosetta Stone 3.4.5 incl crack win-mac\Crack folder moved successfully.
C:\Users\Ryan N Kelley\Downloads\Rosetta Stone 3.4.5 incl crack win-mac folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ryan N Kelley
->Temp folder emptied: 1715 bytes
->Temporary Internet Files folder emptied: 19403267 bytes
->Java cache emptied: 12368693 bytes
->FireFox cache emptied: 58371868 bytes
->Google Chrome cache emptied: 186588271 bytes
->Flash cache emptied: 94651 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31108 bytes
RecycleBin emptied: 965958344 bytes

Total Files Cleaned = 1,185.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Ryan N Kelley
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05262010_045433

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

NEXT:

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
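The Internet Explorer steps above change three Internet Zone settings through the Inetcpl.cpl dialog. As an added example, not part of the original post, the PowerShell below audits the same three settings directly in the registry and can apply the recommended values, which is how you would check them across several machines instead of clicking through the dialog on each. It relies on the documented zone layout: zone 3 is the Internet zone, value names 1001, 1004 and 1201 are the three ActiveX options, and the data 0, 1 and 3 mean Enable, Prompt and Disable. It assumes the per-user settings are in effect; if the machine has Security_HKLM_only set, the machine-wide copy under HKLM applies instead, and the audit reports which hive it read.

```powershell
# Added example (not from the original thread): audit and optionally apply the
# three Internet Zone ActiveX settings recommended above.
# Zone 3 = Internet zone. Data: 0 = Enable, 1 = Prompt, 3 = Disable.

$userZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The settings named in the post and the values it asks for.
$wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Value = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Value = 1 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
)

function Get-EffectiveZonePath {
    # When Security_HKLM_only is 1, IE ignores HKCU and uses the HKLM zone keys.
    $is = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($is -and $is.Security_HKLM_only -eq 1) { return ($userZone -replace '^HKCU:', 'HKLM:') }
    return $userZone
}

function Get-ActiveXZoneAudit {
    $path  = Get-EffectiveZonePath
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($w in $wanted) {
        $cur = $null
        if ($props) { $cur = $props.($w.Id) }
        $curLabel = '(not set)'
        if ($null -ne $cur) {
            if ($labels.ContainsKey([int]$cur)) { $curLabel = $labels[[int]$cur] } else { $curLabel = "$cur" }
        }
        [pscustomobject]@{
            Setting   = $w.Name
            Current   = $curLabel
            Wanted    = $labels[$w.Value]
            Compliant = ($cur -eq $w.Value)
            Hive      = $path
        }
    }
}

function Set-ActiveXZoneSettings {
    # Writes the per-user values; run elevated and target HKLM if HKLM-only is set.
    foreach ($w in $wanted) {
        Set-ItemProperty -Path $userZone -Name $w.Id -Value $w.Value -Type DWord
    }
}

Get-ActiveXZoneAudit | Format-Table Setting, Current, Wanted, Compliant -AutoSize
# Set-ActiveXZoneSettings   # uncomment to apply the recommended values
```

Running the audit first and only then applying the change keeps a record of what the zone looked like before; the same three value names can be read on any other zone (1 = Local intranet, 2 = Trusted sites, 4 = Restricted sites) by changing the trailing `\3` in the path.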

#11 masterisosceles (Topic Starter, New Member, 6 posts)
SweetTech,

I have completed all of the steps, and my computer is running fine.

Thanks again.

#12 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.