deocder Posted December 27, 2009

I'm working on this computer and can't seem to get anywhere.... Here is the HijackThis log. See anything?
schrauber Posted December 27, 2009

Hello, deocder

Welcome to the BestTechie Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:

- Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
- Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Please set your system to show all files.

- Click Start, open My Computer, select the Tools menu and click Folder Options.
- Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
- Uncheck: Hide file extensions for known file types
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.

Please download OTL from one of the following mirrors:

This is THE Mirror

- Save it to your desktop.
- Double click on the icon on your desktop.
- Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

- Push the Quick Scan button.
- Two reports will open, copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized
deocder Posted December 27, 2009

Awesome! Thank you Tom. Here are the logs from the scan:
- {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common 
Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\Max Spyware Detector\SDNotify.dll - C:\Program Files\Max Spyware Detector\SDNotify.dll File not foundO30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/27 22:30:07 | 00,000,000 | ---D | M]NetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)NetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundCREATERESTOREPOINTRestore point Set: OTL Restore Point (16891947461378048)========== Files/Folders - Created Within 14 Days ==========[2009/12/27 09:59:03 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe[2009/12/27 09:49:40 | 00,000,000 | ---D | C] -- C:\7aa02f0085259727dc4c8a[2009/12/27 00:03:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970895_ENU[2009/12/26 21:57:28 | 00,048,560 | ---- | 
C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys[2009/12/26 21:57:28 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys[2009/12/26 21:57:28 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys[2009/12/26 21:57:27 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr[2009/12/26 21:57:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys[2009/12/26 21:57:26 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys[2009/12/26 21:57:26 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys[2009/12/26 21:57:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys[2009/12/26 21:57:11 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe[2009/12/26 21:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software[2009/12/26 21:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\Malwarebytes[2009/12/26 21:05:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009/12/26 21:05:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009/12/26 21:05:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/12/26 21:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2009/09/02 17:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit[2009/07/22 00:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2009/02/27 14:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit[2009/02/14 06:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local 
Settings\Application Data\PCHealth[2008/12/15 21:07:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2008/12/15 21:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2008/11/25 20:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe[2007/12/15 03:10:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 14 Days ==========[2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe[2009/12/27 09:46:12 | 00,591,718 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009/12/27 09:46:12 | 00,491,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009/12/27 09:46:12 | 00,089,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009/12/27 09:42:41 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/12/27 09:41:34 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI[2009/12/27 09:41:22 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI[2009/12/27 09:41:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009/12/27 09:41:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009/12/27 09:41:08 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys[2009/12/27 00:28:26 | 02,883,584 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\NTUSER.DAT[2009/12/27 00:28:09 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jay Plesset\ntuser.ini[2009/12/27 00:06:15 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job[2009/12/26 21:57:28 | 00,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Antivirus.lnk[2009/12/26 21:57:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2009/12/26 20:59:42 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysRegC.dll[2009/12/22 04:58:11 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll[2009/12/21 19:39:06 | 00,011,738 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\Wines WE LIKE.docx[2009/12/18 09:17:05 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\Microsoft Office Excel 2007.lnk[2009/12/13 22:57:54 | 30,568,448 | R--- | M] () -- C:\Jay H Plesset DDS PA.qbw[2009/12/13 22:57:54 | 00,196,608 | R--- | M] () -- C:\Jay H Plesset DDS PA.qbw.TLG[2009/12/13 22:57:54 | 00,000,330 | ---- | M] () -- C:\Jay H Plesset DDS PA.qbw.ND[2009/12/13 22:39:21 | 23,572,480 | ---- | M] () -- C:\Jay H Plesset DDS PA (Backup Dec 13,2009 10 38 PM).QBB[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2009/12/26 21:57:28 | 00,001,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Antivirus.lnk[2009/12/26 21:57:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx[2009/12/13 22:47:12 | 00,196,608 | R--- | C] () -- C:\Jay H Plesset DDS PA.qbw.TLG[2009/12/13 22:39:13 | 23,572,480 | ---- | C] () -- C:\Jay H Plesset DDS PA (Backup Dec 13,2009 10 38 PM).QBB[2008/04/23 21:40:33 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys[2008/04/23 21:40:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F908CF7746.sys[2007/12/21 13:59:55 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI[2007/11/27 23:26:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2007/11/27 23:08:13 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys[2007/11/27 22:58:05 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2007/11/27 22:58:05 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2007/11/27 22:58:05 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2007/11/27 22:58:05 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2007/11/27 22:53:03 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll[2007/11/27 22:53:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll[2007/11/27 22:52:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll[2007/11/27 22:52:50 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll[2007/11/27 22:51:50 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS[2007/11/27 22:50:25 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll[2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI[2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI[2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2006/04/30 02:31:51 | 
00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini========== LOP Check ==========[2007/11/27 23:03:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland[2009/02/27 09:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES[2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo[2007/11/27 23:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}[2007/12/30 21:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\InterVideo[2008/11/22 09:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Leadertech[2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Lenovo[2009/12/12 08:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\MSNInstaller[2008/08/16 06:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Opera[2009/12/27 00:06:15 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.exe >< MD5 for: AGP440.SYS >[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys[2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys< MD5 for: ATAPI.SYS >[2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) 
MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys[2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys< MD5 for: EVENTLOG.DLL >[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll< MD5 for: IASTOR.SYS >[2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys[2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys[2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys< MD5 for: NETLOGON.DLL >[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll< MD5 for: SCECLI.DLL >[2004/08/04 
07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll< %systemroot%\*. /mp /s >< >< End of report >***********************************************************************************************************************************************************OTL Extras logfile created on: 12/27/2009 9:59:53 AM - Run 1OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Jay Plesset\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.11)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 23.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 105.81 Gb Total Space | 64.69 Gb Free Space | 61.14% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: SUES_LAPTOPCurrent User Name: Jay PlessetLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 14 DaysOutput = StandardQuick Scan========== Extra Registry (SafeList) ==================== File Associations 
==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 
1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10281:UDP" = 
10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"135:TCP" = 135:TCP:*:Enabled:DCOM"135:UDP" = 135:UDP:*:Enabled:DCOM2========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)"C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe" = C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe:*:Enabled:Patterson EagleSoft 
Internet Connection -- File not found"C:\Program Files\EagleSoft\Shared Files\ESTechUtil.exe" = C:\Program Files\EagleSoft\Shared Files\ESTechUtil.exe:*:Enabled:Patterson EagleSoft Technical Utility -- File not found"C:\Program Files\EagleSoft\Shared Files\EagleSoft.exe" = C:\Program Files\EagleSoft\Shared Files\EagleSoft.exe:*:Enabled:Patterson EagleSoft -- File not found"C:\Program Files\EagleSoft\Shared Files\techaid.exe" = C:\Program Files\EagleSoft\Shared Files\techaid.exe:*:Enabled:Patterson EagleSoft Technical Reference -- File not found"C:\Program Files\EagleSoft\Shared Files\ESMsgServer.exe" = C:\Program Files\EagleSoft\Shared Files\ESMsgServer.exe:*:Enabled:Patterson EagleSoft Messenger Server -- File not found"C:\Program Files\EagleSoft\Shared Files\ESMessenger.exe" = C:\Program Files\EagleSoft\Shared Files\ESMessenger.exe:*:Enabled:Patterson EagleSoft Messenger Client -- File not found"C:\Program Files\EagleSoft\Shared Files\dbsrv7.exe" = C:\Program Files\EagleSoft\Shared Files\dbsrv7.exe:*:Enabled:Patterson EagleSoft ODBC Server -- File not found"C:\Program Files\EagleSoft\Shared Files\dbeng7.exe" = C:\Program Files\EagleSoft\Shared Files\dbeng7.exe:*:Enabled:Patterson EagleSoft ODBC Client -- File not found"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3"{04DB4871-BC1D-44BF-AADB-47326365EB8C}" = Opera 9.27"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet 
Explorer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"AwayTask" = Maintenance Manager
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Digital Media LE" = Roxio Digital Media LE
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\Preferred failed, 00000005.
Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e failed, 00000005.
Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred failed, 00000005.
Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc failed, 00000005.
Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred failed, 00000005.
Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c failed, 00000005.
Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred failed, 00000005.
Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\18f2c9718993975942ed390c377199bd_2a1a5594-44da-454f-bcc3-a8d1236514c1 failed, 00000005.
Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 failed, 00000005.
Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\common\usersids.dat failed, 00000005.

[ Application Events ]
Error - 12/27/2009 1:07:59 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually." The error is (3417) .
Error - 12/27/2009 1:08:00 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 3080 for SQL Server Database Services 2005 ENU (KB970895)' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970895_sqlrun_sql.msp.log.
Error - 12/27/2009 1:13:40 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.
Error - 12/27/2009 1:13:40 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.
Error - 12/27/2009 1:13:40 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually." The error is (3417) .
Error - 12/27/2009 1:13:42 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 3080 for SQL Server Database Services 2005 ENU (KB970895)' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970895_sqlrun_sql.msp.log.
Error - 12/27/2009 10:50:34 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.
Error - 12/27/2009 10:50:34 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.
Error - 12/27/2009 10:50:35 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually." The error is (3417) .
Error - 12/27/2009 10:50:36 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 3080 for SQL Server Database Services 2005 ENU (KB970895)' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970895_sqlrun_sql.msp.log.

[ System Events ]
Error - 11/30/2009 4:03:19 AM | Computer Name = SUES_LAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
Error - 11/30/2009 3:27:00 PM | Computer Name = SUES_LAPTOP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 8061c09a, parameter3 a2ef4be4, parameter4 00000000.
Error - 12/1/2009 5:01:25 PM | Computer Name = SUES_LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.
Error - 12/1/2009 5:01:25 PM | Computer Name = SUES_LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on the Network Card with network address 001E4C5B8328.
Error - 12/1/2009 5:10:20 PM | Computer Name = SUES_LAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
Error - 12/1/2009 9:42:50 PM | Computer Name = SUES_LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.
Error - 12/1/2009 11:09:59 PM | Computer Name = SUES_LAPTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.
Error - 12/2/2009 8:14:29 AM | Computer Name = SUES_LAPTOP | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
Error - 12/2/2009 1:18:31 PM | Computer Name = SUES_LAPTOP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error - 12/2/2009 1:19:06 PM | Computer Name = SUES_LAPTOP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.

< End of report >

schrauber Posted December 28, 2009

Hi,

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)

Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

deocder Posted December 28, 2009

Thanks again Tom,

I have tried to run the scan you have instructed me to do. After pressing the scan button, during the scan, the computer flashed a blue screen and immediately rebooted. This has happened twice during the scan. I am unable to read the blue screen as it flashes very quickly before rebooting. I will continue to try to get the scan to complete.

deocder Posted December 29, 2009

I finally got the scan to complete! Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 01:31:01
Windows 5.1.2600 Service Pack 3
Running: 9m087noy.exe; Driver: C:\DOCUME~1\JAYPLE~1\LOCALS~1\Temp\uxriypoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9DE1A6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9DE1A574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9DE1AA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9DE1A14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9DE1A64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9DE1A08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9DE1A0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9DE1A76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9DE1A72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9DE1A8AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1148] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1148] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\Fastfat \Fat 9C62ED20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Files - GMER 1.0.15 ----
C:\RRbackups\C\4\TOCFile 65210830 bytesFile C:\RRbackups\C\5 0 bytesFile C:\RRbackups\C\5\Data0 50003968 bytesFile C:\RRbackups\C\5\Data1 50003968 bytesFile C:\RRbackups\C\5\Data2 50003968 bytesFile C:\RRbackups\C\5\Data3 14517132 bytesFile C:\RRbackups\C\5\dats 0 bytesFile C:\RRbackups\C\5\EFSFile 0 bytesFile C:\RRbackups\C\5\HashFile 628320 bytesFile C:\RRbackups\C\5\Info 756 bytesFile C:\RRbackups\C\5\TOCFile 63879200 bytesFile C:\RRbackups\C\MERGE 0 bytesFile C:\RRbackups\C\MERGE\Data27 50003968 bytesFile C:\RRbackups\C\MERGE\Data46 50003968 bytesFile C:\RRbackups\C\MERGE\Data0 50003968 bytesFile C:\RRbackups\C\MERGE\Data1 50003968 bytesFile C:\RRbackups\C\MERGE\Data10 50003968 bytesFile C:\RRbackups\C\MERGE\Data11 50003968 bytesFile C:\RRbackups\C\MERGE\Data12 50003968 bytesFile C:\RRbackups\C\MERGE\Data13 50003968 bytesFile C:\RRbackups\C\MERGE\Data14 50003968 bytesFile C:\RRbackups\C\MERGE\Data15 50003968 bytesFile C:\RRbackups\C\MERGE\Data16 50003968 bytesFile C:\RRbackups\C\MERGE\Data17 50003968 bytesFile C:\RRbackups\C\MERGE\Data18 50003968 bytesFile C:\RRbackups\C\MERGE\Data19 50003968 bytesFile C:\RRbackups\C\MERGE\Data2 50003968 bytesFile C:\RRbackups\C\MERGE\Data20 50003968 bytesFile C:\RRbackups\C\MERGE\Data21 50003968 bytesFile C:\RRbackups\C\MERGE\Data22 50003968 bytesFile C:\RRbackups\C\MERGE\Data23 50003968 bytesFile C:\RRbackups\C\MERGE\Data24 50003968 bytesFile C:\RRbackups\C\MERGE\Data25 50003968 bytesFile C:\RRbackups\C\MERGE\Data26 50003968 bytesFile C:\RRbackups\C\MERGE\Data28 50003968 bytesFile C:\RRbackups\C\MERGE\Data29 50003968 bytesFile C:\RRbackups\C\MERGE\Data3 50003968 bytesFile C:\RRbackups\C\MERGE\Data30 50003968 bytesFile C:\RRbackups\C\MERGE\Data31 50003968 bytesFile C:\RRbackups\C\MERGE\Data32 50003968 bytesFile C:\RRbackups\C\MERGE\Data33 50003968 bytesFile C:\RRbackups\C\MERGE\Data34 50003968 bytesFile C:\RRbackups\C\MERGE\Data35 50003968 bytesFile C:\RRbackups\C\MERGE\Data36 50003968 bytesFile C:\RRbackups\C\MERGE\Data37 
50003968 bytesFile C:\RRbackups\C\MERGE\Data38 50003968 bytesFile C:\RRbackups\C\MERGE\Data39 50003968 bytesFile C:\RRbackups\C\MERGE\Data4 50003968 bytesFile C:\RRbackups\C\MERGE\Data40 50003968 bytesFile C:\RRbackups\C\MERGE\Data41 50003968 bytesFile C:\RRbackups\C\MERGE\Data42 50003968 bytesFile C:\RRbackups\C\MERGE\Data43 50003968 bytesFile C:\RRbackups\C\MERGE\Data44 50003968 bytesFile C:\RRbackups\C\MERGE\Data45 50003968 bytesFile C:\RRbackups\C\MERGE\Data47 50003968 bytesFile C:\RRbackups\C\MERGE\Data48 50003968 bytesFile C:\RRbackups\C\MERGE\Data49 50003968 bytesFile C:\RRbackups\C\MERGE\Data5 50003968 bytesFile C:\RRbackups\C\MERGE\Data50 50003968 bytesFile C:\RRbackups\C\MERGE\Data51 50003968 bytesFile C:\RRbackups\C\MERGE\Data52 50003968 bytesFile C:\RRbackups\C\MERGE\Data53 50003968 bytesFile C:\RRbackups\C\MERGE\Data54 50003968 bytesFile C:\RRbackups\C\MERGE\Data55 50003968 bytesFile C:\RRbackups\C\MERGE\Data56 50003968 bytesFile C:\RRbackups\C\MERGE\Data57 50003968 bytesFile C:\RRbackups\C\MERGE\Data58 50003968 bytesFile C:\RRbackups\C\MERGE\Data59 50003968 bytesFile C:\RRbackups\C\MERGE\Data6 50003968 bytesFile C:\RRbackups\C\MERGE\Data60 50003968 bytesFile C:\RRbackups\C\MERGE\Data61 50003968 bytesFile C:\RRbackups\C\MERGE\Data62 50003968 bytesFile C:\RRbackups\C\MERGE\Data63 50003968 bytesFile C:\RRbackups\C\MERGE\Data64 50003968 bytesFile C:\RRbackups\C\MERGE\Data65 50003968 bytesFile C:\RRbackups\C\MERGE\Data66 50003968 bytesFile C:\RRbackups\C\MERGE\Data67 50003968 bytesFile C:\RRbackups\C\MERGE\Data68 50003968 bytesFile C:\RRbackups\C\MERGE\Data7 50003968 bytesFile C:\RRbackups\C\MERGE\Data8 50003968 bytesFile C:\RRbackups\C\MERGE\Data9 50003968 bytesFile C:\RRbackups\C\MERGE\EFSFile 0 bytesFile C:\RRbackups\C\MERGE\HashFile 607584 bytesFile C:\RRbackups\C\MERGE\Info 0 bytesFile C:\RRbackups\C\MERGE\TOCFile 61771040 bytesFile C:\RRbackups\common 0 bytesFile C:\RRbackups\common\backups.dat 8192 bytesFile C:\RRbackups\common\bt0.dat 32256 
bytesFile C:\RRbackups\common\bt1.dat 32256 bytesFile C:\RRbackups\common\bt2.dat 32256 bytesFile C:\RRbackups\common\bt3.dat 32256 bytesFile C:\RRbackups\common\bt4.dat 32256 bytesFile C:\RRbackups\common\bt5.dat 32256 bytesFile C:\RRbackups\common\css.dat 8192 bytesFile C:\RRbackups\common\hints.dat 8192 bytesFile C:\RRbackups\common\mnd.dat 8192 bytesFile C:\RRbackups\common\regcerts.dat 8192 bytesFile C:\RRbackups\common\restore.log 110 bytesFile C:\RRbackups\common\rr.log 118725 bytesFile C:\RRbackups\common\SAM 28672 bytesFile C:\RRbackups\common\seccache.dat 8192 bytesFile C:\RRbackups\common\secpolicy.dat 57344 bytesFile C:\RRbackups\common\settings.dat 28672 bytesFile C:\RRbackups\common\system.dat 12288 bytesFile C:\RRbackups\common\tvtcmn.dat 8192 bytesFile C:\RRbackups\common\tvtns.bin 23 bytesFile C:\RRbackups\common\usersids.dat 19760 bytesFile C:\RRbackups\Documents and Settings 0 bytesFile C:\RRbackups\Documents and Settings\Administrator 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-500 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application 
Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500\95890812-1074-4f1e-a770-59e2aad7ece7 388 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500\9a03dc07-8c36-4df7-86bd-08c16f66c2df 388 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytesFile 
C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytesFile C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytesFile C:\RRbackups\Documents and Settings\All Users 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e17459beeef013e01dbf6151b4b7cdbf_2a1a5594-44da-454f-bcc3-a8d1236514c1 1752 bytesFile C:\RRbackups\Documents and Settings\All Users\Application 
Data\Microsoft\Crypto\RSA\MachineKeys\f8c8c08b314953ee7cab9b763cd76286_2a1a5594-44da-454f-bcc3-a8d1236514c1 1291 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_2a1a5594-44da-454f-bcc3-a8d1236514c1 57 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_2a1a5594-44da-454f-bcc3-a8d1236514c1 47 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytesFile C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_2a1a5594-44da-454f-bcc3-a8d1236514c1 893 bytesFile C:\RRbackups\Documents and Settings\Default User 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytesFile C:\RRbackups\Documents and 
Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytesFile C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution 0 bytesFile C:\RRbackups\Documents and 
Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\config.ini 61 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\encobject.dat 11256 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\533145ef011ddf5ca3983e2545a902b4_2a1a5594-44da-454f-bcc3-a8d1236514c1 2075 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\6b29ae44e85efac3c72ff4d1865d73f1_2a1a5594-44da-454f-bcc3-a8d1236514c1 53 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application 
Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\8fa2527bb3d045243dc1859cda72d459_2a1a5594-44da-454f-bcc3-a8d1236514c1 52 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\CREDHIST 160 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\040dcc2a-ef82-4d0a-986a-413b7605918c 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\3b61c35b-7c24-4bfb-a3cf-7898c26911f9 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\54b57933-178c-42cc-a5d3-676105cd008c 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\58cf196c-6743-4882-a0d6-333cb3dced54 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\8418aa6a-3a63-414c-843c-1b605502311b 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\8c31c5e0-bc73-4526-8032-731f745e7f7e 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\8f6f36d2-4ac6-4ed9-954b-594a6cc8caa8 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\b38fdcfb-f0cf-4e0b-89f2-5d7a89fad2ab 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application 
Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytesFile C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytesFile C:\RRbackups\Documents and Settings\Jay 
Plesset\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytesFile C:\RRbackups\Documents and Settings\LocalService 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytesFile C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_2a1a5594-44da-454f-bcc3-a8d1236514c1 2519 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application 
Data\Microsoft\Protect\S-1-5-20\a64fa3f6-39da-4d67-b6bb-268329786979 388 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\dd55866a-c547-42c1-a4b3-2fd9b24487b9 388 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytesFile C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Lenovo 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\18f2c9718993975942ed390c377199bd_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application 
Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\CREDHIST 24 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\3b8cb826-d363-42e5-a6aa-481997ed3efe 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\65b9ad86-9afd-4395-b8cf-070b3c720c94 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\9da837b6-7ac6-4db2-a4a3-5edee8df6ceb 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\f7954ab0-f671-469a-956e-8dcec3f8bae5 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 
bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytesFile C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytesFile C:\RRbackups\SIS 0 bytesFile C:\RRbackups\SIS\C 0 bytesFile C:\RRbackups\SIS\C\0 0 bytes---- EOF - GMER 1.0.15 ---- 0 bytes Quote Link to post Share on other sites
schrauber Posted December 29, 2009

Hi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
    Make sure the "Perform Quick Scan" option is selected.
    Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
    Click on the Show Results button to see a list of any malware that was found.
    Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Also please post back with a fresh OTL logfile.
deocder Posted December 29, 2009 (edited)

Hello, I have posted both logs below. Are we making progress?

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/29/2009 10:56:08 AM
mbam-log-2009-12-29 (10-56-08).txt

Scan type: Quick Scan
Objects scanned: 138975
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**********************************************************************************************************************************

OTL logfile created on: 12/29/2009 11:04:36 AM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Jay Plesset\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.81 Gb Total Space | 64.49 Gb Free Space | 60.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUES_LAPTOP
Current User Name: Jay Plesset
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/24 14:05:42 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/20 08:05:35 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/10 02:21:56 | 16,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/08/03 19:42:08 | 00,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/08/03 19:35:38 | 02,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 18:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/04/09 13:03:00 | 00,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.)
-- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exePRC - [2007/03/23 02:32:42 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exePRC - [2007/03/23 02:32:40 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exePRC - [2007/03/23 02:32:36 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exePRC - [2007/03/23 02:32:24 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exePRC - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exePRC - [2007/03/16 08:26:18 | 00,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exePRC - [2007/02/10 08:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exePRC - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exePRC - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exePRC - [2007/02/08 16:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exePRC - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXEPRC - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exePRC - [2006/11/07 05:51:20 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXEPRC - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exePRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exePRC - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXEPRC - [2006/10/12 02:28:48 | 01,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXEPRC - [2006/10/12 02:28:48 | 
01,134,592 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXEPRC - [2006/09/06 02:38:44 | 00,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exePRC - [2006/08/30 02:40:04 | 00,089,542 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exePRC - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exePRC - [2006/05/19 00:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exePRC - [2006/05/18 19:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exePRC - [2005/11/10 16:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exePRC - [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exePRC - [2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe========== Modules (SafeList) ==========MOD - [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exeMOD - [2008/04/13 19:12:10 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dllMOD - [2008/04/13 19:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dllMOD - [2008/04/13 12:37:57 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dllMOD - [2007/08/03 19:42:18 | 00,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dllMOD - [2007/08/03 19:42:10 | 02,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dllMOD - [2007/08/03 19:28:10 | 01,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security 
Solution\css_dlgcustompolicy.dllMOD - [2007/08/03 19:28:06 | 00,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dllMOD - [2007/08/03 19:28:02 | 05,174,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dllMOD - [2007/08/03 19:27:46 | 01,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dllMOD - [2007/08/03 19:27:42 | 00,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dllMOD - [2007/08/03 19:19:10 | 00,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dllMOD - [2007/08/03 19:19:06 | 00,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dllMOD - [2007/08/03 19:09:58 | 00,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll========== Win32 Services (SafeList) ==========SRV - File not found [On_Demand | Stopped] -- -- (FingerprintServer)SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner)SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)SRV - [2009/04/30 13:23:41 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)SRV - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)SRV - [2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)SRV - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)SRV - [2008/04/13 19:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)SRV - [2008/02/26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)SRV - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)SRV - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)SRV - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)SRV - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) 
[Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)SRV - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)SRV - [2007/02/10 08:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)SRV - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)SRV - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)SRV - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)SRV - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)SRV - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)SRV - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)SRV - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)SRV - [2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)SRV - [2005/10/14 06:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- 
(MSSQLServerADHelper)========== Driver Services (SafeList) ==========DRV - [2009/11/24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)DRV - [2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)DRV - [2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)DRV - [2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)DRV - [2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)DRV - [2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)DRV - [2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)DRV - [2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)DRV - [2008/04/13 13:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)DRV - [2007/11/27 23:09:50 | 00,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)DRV - [2007/11/27 23:08:47 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2007/08/10 00:52:44 | 04,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2007/06/17 00:29:08 | 00,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)DRV - [2007/05/22 18:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)DRV - [2007/05/22 02:59:34 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)DRV - [2007/04/09 13:03:00 | 00,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)DRV - [2007/04/02 14:24:08 | 00,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)DRV - [2007/02/25 22:59:10 | 05,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)DRV - [2007/02/24 17:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)DRV - [2007/02/16 18:46:42 | 00,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)DRV - [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)DRV - [2007/02/08 15:30:28 | 00,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)DRV - [2007/02/02 06:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)DRV - [2007/01/23 20:03:28 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)DRV - [2007/01/23 19:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)DRV - [2006/11/06 03:23:24 | 00,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)DRV - [2006/10/12 02:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)DRV - [2006/08/30 00:53:00 | 01,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)DRV - [2006/05/24 14:48:14 | 00,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)DRV - [2006/05/19 00:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2005/11/08 12:27:20 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)DRV - [2004/08/04 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)DRV - [2004/08/04 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)DRV - [2004/08/03 17:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)DRV - [2003/09/11 02:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)DRV - [2001/09/10 12:00:00 | 00,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)DRV - [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)DRV - [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Google Toolbar Helper) - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)O4 - HKLM..\Run: [avast!] 
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)O4 - HKCU..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... 
- {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common 
Edited December 29, 2009 by deocder
schrauber Posted December 29, 2009
Hi,
How is your system running?

deocder Posted December 30, 2009
Hello and thanks!
I have noticed that Internet Explorer takes a long time to load. Also, I have been unable to install Security Update for SQL Server 2005 Service Pack 2 (KB970895), but I don't think it has anything to do with Malware.
How do the scans look?

schrauber Posted December 30, 2009
The logfiles are looking good. Let's run an online scan to check for some leftovers.
Please run a BitDefender Online Scan
Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.

deocder Posted December 31, 2009
I ran the scan and nothing was found. Additionally, "Click here to export the scan results" did not exist as an option.

schrauber Posted December 31, 2009
Ok, how is your system running?

deocder Posted January 4, 2010
It seems to be running well now but I have not had much time to really work with the system since going through all the scans. Thank you for your help thus far, I really appreciate it!

schrauber Posted January 4, 2010
Ok, please test the system for a few days and let me know.
deocder Posted January 12, 2010
Hello,
Finally I have had a chance to work on this computer. However I had to do so remotely and cannot be in front of it.
In addition, I have been unable to restore the desktop wallpaper. I have tried several fixes to no avail.
The computer was having issues connecting to the internet. But once connected I tried to check the router it was connected to to make sure it was set up properly. I was unable to browse to the router (192.168.1.1). All other web browsing was fine, just unable to connect to the router's GUI. I have been able to connect to this in the past. I suspected that the browser was hijacked so I installed Spybot S&D and ran immunization. Then did a scan.
I have also updated Malwarebytes and run another scan.
In addition, another OTL scan.
All logs are below.....
[spybotDeletingD1835] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - HKCU..\RunOnce: [spybotDeletingD3451] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - HKCU..\RunOnce: [spybotDeletingD6623] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - HKCU..\RunOnce: [spybotDeletingD8889] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktopChanges = [binary data]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktop = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoSaveSettings = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: ClassicShell = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)O8 - Extra context menu item: E&xport to Microsoft 
Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} 
http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)O24 - Desktop WallPaper: C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: Ias 
- C:\WINDOWS\system32\ias [2007/11/27 22:30:07 | 00,000,000 | ---D | M]NetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)NetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundCREATERESTOREPOINTRestore point Set: OTL Restore Point (16892003295952896)========== Files/Folders - Created Within 14 Days ==========[2010/01/11 22:34:37 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe[2010/01/11 22:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\My Documents\Downloads[2010/01/11 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\PDF Writer[2010/01/11 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\PDF Writer[2010/01/11 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PDF Writer[2010/01/11 22:21:36 | 00,227,840 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzFlRdr.dll[2010/01/11 22:21:36 | 00,131,072 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdfc.dll[2010/01/11 22:21:36 | 00,103,424 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzDCT.dll[2010/01/11 22:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip[2010/01/11 22:21:33 | 00,194,560 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdf.dll[2010/01/11 22:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Bullzip[2010/01/11 21:34:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2010/01/11 21:34:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy[2010/01/11 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Mozilla[2010/01/11 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\Mozilla[2010/01/11 21:31:18 | 
16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Jay Plesset\Desktop\spybotsd162.exe[2010/01/06 23:01:15 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jay Plesset\Recent[2010/01/06 22:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner[2010/01/06 22:25:02 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jay Plesset\IECompatCache[2010/01/06 22:23:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jay Plesset\PrivacIE[2010/01/06 22:21:49 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jay Plesset\IETldCache[2010/01/06 22:17:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates[2010/01/06 22:15:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8[2010/01/06 22:14:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp[2010/01/06 21:29:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2[2009/12/30 22:29:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8[2009/12/30 00:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS[2009/12/29 23:59:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\LogMeIn[2009/12/29 23:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn[2009/12/29 23:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS[2009/12/29 23:59:22 | 00,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll[2009/12/29 23:59:22 | 00,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys[2009/12/29 23:59:22 | 00,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll[2009/12/29 23:59:14 | 00,087,352 | ---- | C] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\LMIinit.dll[2009/12/29 23:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn[2009/12/29 23:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Deployment[2009/09/02 17:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit[2009/07/22 00:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2009/02/27 14:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit[2009/02/14 06:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth[2008/12/15 21:07:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2008/12/15 21:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2008/11/25 20:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe[2007/12/15 03:10:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 14 Days ==========[2010/01/11 22:48:44 | 06,815,744 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\NTUSER.DAT[2010/01/11 22:34:39 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe[2010/01/11 22:25:21 | 00,015,596 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\Spybot - Search & Destroy scan report.pdf[2010/01/11 22:21:40 | 00,001,716 | ---- | M] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.tlb[2010/01/11 22:11:39 | 00,000,359 | ---- | M] () -- C:\WINDOWS\wininit.ini[2010/01/11 22:06:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check 
Updates for Windows Live Toolbar.job[2010/01/11 21:41:52 | 00,371,817 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/01/11 21:34:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat[2010/01/11 21:33:54 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/01/11 21:31:18 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Jay Plesset\Desktop\spybotsd162.exe[2010/01/11 21:04:26 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/01/11 20:46:04 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI[2010/01/11 20:45:48 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI[2010/01/11 20:45:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/01/11 20:45:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/01/11 20:45:30 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys[2010/01/11 20:44:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jay Plesset\ntuser.ini[2010/01/10 15:51:47 | 04,792,240 | -H-- | M] () -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\IconCache.db[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/01/07 00:12:09 | 00,001,710 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\wallpaperenable.reg[2010/01/06 23:18:31 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\fixreg.zip[2010/01/06 23:01:57 | 00,039,710 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\cc_20100106_230151.reg[2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest[2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest[2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- 
C:\WINDOWS\System32\sapi.cpl.manifest[2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest[2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest[2010/01/06 22:35:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest[2010/01/06 21:40:23 | 00,444,750 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/01/06 21:40:23 | 00,072,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009/12/30 22:23:10 | 00,591,718 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009/12/29 23:59:14 | 00,001,024 | ---- | M] () -- C:\.rnd[2009/12/29 23:40:01 | 90,042,970 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\registry_backup.reg[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2010/01/11 22:25:21 | 00,015,596 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\Spybot - Search & Destroy scan report.pdf[2010/01/11 22:21:40 | 00,001,716 | ---- | C] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.tlb[2010/01/11 22:21:37 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.dll[2010/01/11 22:11:38 | 00,000,359 | ---- | C] () -- C:\WINDOWS\wininit.ini[2010/01/11 21:34:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2010/01/11 21:33:54 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/01/07 00:12:09 | 00,001,710 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\wallpaperenable.reg[2010/01/06 23:18:31 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\fixreg.zip[2010/01/06 23:01:54 | 00,039,710 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\My Documents\cc_20100106_230151.reg[2009/12/30 00:32:23 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl[2009/12/29 23:59:13 | 00,001,024 | ---- | C] () -- 
C:\.rnd[2009/12/29 23:39:50 | 90,042,970 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\My Documents\registry_backup.reg[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini[2008/04/23 21:40:33 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys[2008/04/23 21:40:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F908CF7746.sys[2007/12/21 13:59:55 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI[2007/11/27 23:26:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2007/11/27 23:08:13 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys[2007/11/27 22:58:05 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2007/11/27 22:58:05 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2007/11/27 22:58:05 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2007/11/27 22:58:05 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2007/11/27 22:53:03 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll[2007/11/27 22:53:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll[2007/11/27 22:52:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll[2007/11/27 22:52:50 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll[2007/11/27 22:51:50 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS[2007/11/27 22:50:25 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll[2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI[2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI[2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2006/04/30 
02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini========== LOP Check ==========[2007/11/27 23:03:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland[2009/02/27 09:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES[2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo[2009/12/29 23:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn[2010/01/11 22:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer[2007/11/27 23:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}[2007/12/30 21:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\InterVideo[2008/11/22 09:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Leadertech[2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Lenovo[2009/12/12 08:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\MSNInstaller[2008/08/16 06:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Opera[2010/01/11 22:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\PDF Writer[2010/01/11 22:06:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.exe >< MD5 for: AGP440.SYS >[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys[2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver 
Cache\i386\sp3.cab:AGP440.sys[2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys[2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys< MD5 for: ATAPI.SYS >[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys[2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys[2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys[2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys[2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys< MD5 for: EVENTLOG.DLL >[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- 
C:\WINDOWS\system32\eventlog.dll[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll< MD5 for: IASTOR.SYS >[2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys[2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys[2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys< MD5 for: NETLOGON.DLL >[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll< MD5 for: SCECLI.DLL >[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll< %systemroot%\*. /mp /s >< End of report >
schrauber Posted January 13, 2010
How is your browser working? The logs are looking good. Can you explain that problem with the wallpaper please?