Mebroot / torpig signatures found by ISP


  • This topic is locked
25 replies to this topic

#1 bxharv2

  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho

Posted 29 March 2010 - 11:39 PM

I have read many posts and this organization is GREAT. It is nice to see so many use their skills to help rather than hurt others.

Initially I posted on the "Am I Infected" forum and the administrator referred me to this forum.

The attached DDS and GMER logs are from the first of 10 PCs on my SBS 2003 Server network. My PCs run Windows XP Professional SP3. My ISP has blocked my internet access until I clean my network.

To find the infected machine I am proposing a process of elimination.

Can I or should I run DDS and GMER on my server?

Results for FCI13.FCI.local

DDS (Ver_10-03-17.01) - NTFSx86
Run by bharvey at 19:56:55.25 on Mon 03/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2125 [GMT -6:00]

AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning enabled* (Updated) {2C78C58A-731D-4DB7-AB8C-395DAAC30034}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {2C78C58A-731D-4DB7-AB8C-395DAAC30034}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\bharvey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1003\TmIEPlg.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\amsg.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [OE] "c:\program files\trend micro\client server security agent\tmas_oe\TMAS_OEMon.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1003\TmIEPlg.dll
Notify: ACNotify - ACNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina psqlpwd

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-3-18 87064]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-12 54752]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-18 50704]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2008-10-29 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2008-10-29 36368]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-3-3 81280]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-10-29 339984]
R3 tmpfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2010-3-18 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-3-18 689416]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 DK12DRV;DK12 WindowsNT Driver;c:\windows\system32\drivers\dk12drv.sys --> c:\windows\system32\drivers\DK12DRV.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-12 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-12 8456]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]

=============== Created Last 30 ================

2010-03-23 23:51:37 0 d-----w- c:\docume~1\bharvey\applic~1\Office Genuine Advantage
2010-03-23 23:50:36 0 d-----w- c:\docume~1\bharvey\applic~1\Windows Search
2010-03-23 23:37:25 0 d-----w- c:\docume~1\bharvey\applic~1\Windows Desktop Search
2010-03-23 23:36:51 0 d-----w- c:\program files\Windows Desktop Search
2010-03-23 23:34:24 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-03-23 14:57:33 302 ----a-w- c:\program files\temp995.bat
2010-03-22 15:09:14 0 d-----w- C:\_SMA
2010-03-18 18:11:16 0 d-----w- c:\docume~1\bharvey\applic~1\SonicWALL
2010-03-18 18:06:24 87064 ----a-w- c:\windows\system32\drivers\SWIPsec.sys
2010-03-18 18:05:02 0 d-----w- c:\program files\common files\Deterministic Networks
2010-03-18 18:05:01 0 d-----w- c:\program files\SonicWALL
2010-03-18 18:00:32 0 d-----w- c:\docume~1\bharvey\applic~1\UltraVNC
2010-03-18 17:59:38 0 d-----w- c:\program files\UltraVNC
2010-03-18 16:52:20 28 ----a-w- c:\windows\pdf995.ini
2010-03-18 16:45:41 60 ----a-w- c:\windows\wpd99.drv
2010-03-18 16:45:41 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-03-18 16:45:41 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-03-18 16:45:41 0 d-----w- c:\docume~1\alluse~1\applic~1\pdf995
2010-03-18 16:45:39 0 d-----w- c:\program files\pdf995
2010-03-18 15:32:54 0 d-----w- C:\temp
2010-03-18 15:28:53 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-18 15:28:53 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-18 15:28:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-03-18 15:27:47 31 ----a-w- C:\tmuninst.ini
2010-03-18 15:26:03 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-18 15:25:58 0 d-----w- c:\windows\system32\log
2010-03-18 15:25:56 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-17 20:29:56 0 d-----w- c:\docume~1\bharvey\applic~1\Malwarebytes
2010-03-17 20:29:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 20:29:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 20:29:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 20:29:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-17 17:15:47 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-17 17:15:47 249856 ------w- c:\windows\Setup1.exe
2010-03-17 17:11:29 0 d-----w- c:\program files\Razor Gage Parts List Processor V5.21
2010-03-17 16:34:00 0 d-----w- c:\program files\common files\supportsoft
2010-03-17 16:33:46 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-03-17 16:33:46 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2010-03-17 16:32:27 0 d-----w- c:\program files\common files\Intuit
2010-03-17 16:32:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-03-17 16:32:26 0 d-----w- c:\program files\Intuit
2010-03-17 16:29:12 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-03-17 15:59:03 0 d-----w- c:\program files\Akamai
2010-03-17 15:58:37 0 d-----w- c:\program files\QuickBooks
2010-03-16 23:06:33 72016 ------w- c:\docume~1\bharvey\applic~1\GDIPFONTCACHEV1.DAT
2010-03-16 22:01:35 0 d-----w- C:\Planit_CVParts
2010-03-16 22:01:23 0 d-----w- C:\Planit_NC-Output_Fileholding
2010-03-16 22:01:12 0 d-----w- C:\Planit_CVNest
2010-03-16 22:01:03 0 d-----w- C:\Planit_CVChopSaw
2010-03-16 21:44:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2010-03-16 21:43:51 0 d-----w- c:\program files\common files\Planit
2010-03-16 21:43:50 0 d-----w- c:\program files\AlphaV75
2010-03-16 21:43:45 0 d-----w- c:\program files\TEC-IT
2010-03-16 21:41:46 0 d-----w- c:\program files\common files\SafeNet Sentinel
2010-03-16 21:39:01 0 d-----w- C:\Planit
2010-03-16 21:20:56 118784 ----a-w- c:\windows\system32\ACAMMDLINK.dll
2010-03-16 21:20:41 390656 ----a-w- c:\windows\system32\AlphaViewer.ocx
2010-03-16 21:12:54 18728 ----a-w- c:\windows\system32\ISHF_Ex.tlb
2010-03-16 21:12:49 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-03-16 21:12:27 0 d-----w- C:\CADFILES
2010-03-16 21:12:14 0 d-----w- C:\LICOMDIR
2010-03-16 21:12:07 0 d-----w- C:\LICOMDAT
2010-03-16 21:09:38 110080 ----a-w- c:\windows\system32\xapi.dll
2010-03-16 21:08:20 0 d-----w- c:\docume~1\alluse~1\applic~1\LicomSystems
2010-03-16 21:03:57 0 d-----w- c:\program files\ALPHAV7
2010-03-16 17:38:16 0 d-----w- c:\program files\HP
2010-03-16 17:15:06 0 d--h--w- c:\program files\Avago-HP
2010-03-16 17:14:55 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2010-03-16 17:14:55 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-03-16 17:08:11 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-16 17:08:11 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-15 21:22:05 1434 ----a-w- c:\windows\KEYORG.INI
2010-03-15 21:22:05 0 d-----w- c:\documents and settings\bharvey\WINDOWS
2010-03-15 21:21:48 0 d-----w- C:\KEYORG
2010-03-15 21:03:50 0 d-----w- c:\program files\common files\Merge Modules
2010-03-15 21:03:13 0 d-----w- c:\program files\common files\Business Objects
2010-03-15 21:03:13 0 d-----w- c:\program files\Business Objects
2010-03-15 15:30:26 0 d-----w- c:\documents and settings\bharvey\Tracing
2010-03-15 14:19:59 0 d-----w- c:\docume~1\bharvey\applic~1\nView_Wallpaper
2010-03-15 14:13:58 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-15 14:13:58 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-15 14:13:55 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-15 14:13:55 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-15 14:13:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-15 14:13:46 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-13 20:53:51 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-13 20:53:50 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-13 20:53:16 0 d-----w- c:\program files\iPod
2010-03-13 20:53:13 0 d-----w- c:\program files\iTunes
2010-03-13 20:53:13 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-13 20:53:00 0 d-----w- c:\program files\Bonjour
2010-03-13 00:12:38 14814 ----a-w- c:\windows\cfgall.ini
2010-03-13 00:09:02 516 ----a-w- c:\windows\ODBC.INI
2010-03-13 00:08:28 0 d-----w- c:\program files\Microsoft ActiveSync
2010-03-13 00:06:53 0 d-----w- c:\windows\ShellNew
2010-03-13 00:06:50 0 d-----w- c:\program files\common files\L&H
2010-03-12 23:20:09 0 d-----w- C:\regbackup
2010-03-12 23:19:02 0 d-----w- c:\program files\CCleaner
2010-03-12 22:56:46 0 d-----w- c:\program files\Trend Micro
2010-03-12 22:51:51 0 d-sh--w- c:\documents and settings\bharvey\IECompatCache
2010-03-12 22:43:17 0 d-sh--w- c:\documents and settings\bharvey\PrivacIE
2010-03-12 22:35:46 0 d-----w- c:\docume~1\bharvey\applic~1\Intel
2010-03-12 22:35:26 0 d-----w- c:\program files\Microsoft Windows Small Business Server
2010-03-12 22:35:18 0 d-----w- c:\docume~1\bharvey\applic~1\Lenovo
2010-03-12 21:18:12 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-03-12 21:18:12 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-03-12 21:18:12 1692288 ----a-w- c:\windows\system32\BootMan.exe
2010-03-12 21:18:12 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-03-12 21:18:12 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-03-12 21:18:07 0 d-----w- c:\program files\EASEUS
2010-03-12 21:13:29 0 d-----w- C:\utilities
2010-03-12 20:36:42 0 d-----w- c:\windows\system32\NtmsData
2010-03-12 16:11:59 122389 ----a-w- c:\windows\system32\nvModes.dat
2010-03-12 16:11:59 122389 ----a-w- c:\windows\system32\nvModes.001
2010-03-12 16:07:47 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-03-12 16:06:34 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-03-12 16:06:31 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-12 16:05:50 0 d-----w- c:\program files\Microsoft
2010-03-12 16:05:33 0 d-----w- c:\program files\Windows Live SkyDrive
2010-03-12 15:52:58 0 d-----w- c:\program files\common files\Windows Live
2010-03-12 15:52:18 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-12 15:52:08 0 d-----w- c:\windows\ie8updates
2010-03-12 15:51:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-12 15:51:49 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-12 15:50:27 0 dc-h--w- c:\windows\ie8
2010-03-12 15:46:42 37255 ----a-w- c:\windows\system32\nvwsapps.xml
2010-03-12 15:44:40 0 d-----w- c:\windows\system32\LogFiles
2010-03-12 15:27:17 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-03 21:50:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-03 21:50:57 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-03 21:50:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-03 21:50:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-03-03 21:34:45 0 d-----w- C:\Downloads
2010-03-03 21:33:33 0 d-----w- C:\OLD PC
2010-03-03 21:19:03 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-03-03 20:47:11 0 d-----w- c:\windows\system32\XPSViewer
2010-03-03 18:42:31 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-03 18:42:31 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-03 18:42:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-03 18:42:31 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-03 18:42:31 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-03 18:42:31 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-03 18:42:31 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-03 18:42:31 0 d-----w- C:\e8a1fd330552be1f68
2010-03-03 18:40:11 0 d-----w- C:\9f9ca3608261e552f35b7f94a15c9824
2010-03-03 18:40:08 0 d-----w- C:\235690450eed3527eba46e9f
2010-03-03 16:48:59 94208 ------w- c:\windows\system32\eappgnui.dll
2010-03-03 16:47:57 844314 ------w- c:\windows\system32\dllcache\msdxm.ocx
2010-03-03 16:46:59 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys
2010-03-03 16:44:13 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-03 16:43:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-03 16:43:30 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-03 16:40:51 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-03 16:40:51 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-03 16:40:49 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-03 16:40:44 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-03-03 16:40:38 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-03-03 16:40:27 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-03-03 16:40:07 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-03-03 16:39:54 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-03-03 16:39:54 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-03 16:39:54 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-03-03 16:39:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-03-03 16:39:54 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-03-03 16:39:54 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-03 16:39:54 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-03-03 16:39:53 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-03-03 16:39:53 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-03-03 16:38:10 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-03-03 16:37:56 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-03 16:37:52 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-03-03 16:37:26 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-03 16:37:26 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-03 16:37:26 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-03 16:37:05 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-03-03 16:36:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-03 16:36:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 16:34:53 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-03 16:34:53 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-03-03 16:34:53 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-03-03 16:34:45 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-03-03 16:33:32 0 d-----w- c:\windows\system32\PreInstall
2010-03-03 16:31:28 0 d-----w- c:\windows\system32\Client Security Solution
2010-03-03 16:24:41 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-03 16:24:41 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-03 16:24:41 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-03-03 16:23:50 50 ----a-w- c:\windows\system32\drivers\LENOVO_6459_CTO.MRK
2010-03-03 16:23:50 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-03 16:23:47 0 d-----w- c:\program files\Windows Live Toolbar
2010-03-03 16:23:46 10 ----a-w- c:\windows\system32\firstboot.lgl
2010-03-03 16:23:02 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-03-03 16:04:24 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-03-03 16:02:07 61 ----a-w- c:\windows\smscfg.ini
2010-03-03 16:01:22 0 d-----w- c:\program files\common files\ThinkVantage Fingerprint Software
2010-03-03 16:01:20 0 d-----w- c:\program files\ThinkVantage Fingerprint Software
2010-03-03 16:01:13 0 d-----w- c:\docume~1\alluse~1\applic~1\UIB
2010-03-03 16:00:50 0 d-sh--r- C:\RRbackups
2010-03-03 15:58:10 129784 ----a-w- c:\windows\system32\pxafs.dll
2010-03-03 15:58:10 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-03 15:58:10 115960 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-03 15:57:56 0 d-----w- C:\SWSHARE
2010-03-03 15:57:54 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2010-03-03 15:57:11 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-03-03 15:56:57 583232 ----a-w- c:\windows\system32\tvt_gina.dll
2010-03-03 15:56:57 292416 ----a-w- c:\windows\system32\tvt_gina_api.dll
2010-03-03 15:56:56 4224 ----a-w- c:\windows\system32\drivers\IBMBLDID.sys
2010-03-03 15:56:56 11520 ----a-w- c:\windows\system32\drivers\ANC.sys
2010-03-03 15:56:56 0 ----a-w- c:\windows\system32\AccConnAdvanced.html
2010-03-03 15:56:44 0 d-----w- c:\program files\Diskeeper Corporation
2010-03-03 15:56:38 0 d-----w- c:\windows\Downloaded Installations
2010-03-03 15:56:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PC-Doctor
2010-03-03 15:56:03 0 d-----w- c:\program files\PCDR5
2010-03-03 15:56:00 5292056 ----a-w- c:\windows\1680_1050 Think Americas Map.bmp
2010-03-03 15:56:00 1920056 ----a-w- c:\windows\800_600 Think Americas Map.bmp
2010-03-03 15:56:00 114688 ----a-w- c:\windows\desktopset.exe
2010-03-03 15:55:59 7680056 ----a-w- c:\windows\1600_1200 Think Americas Map.bmp
2010-03-03 15:55:59 5880056 ----a-w- c:\windows\1400_1050 Think Americas Map.bmp
2010-03-03 15:55:59 5242936 ----a-w- c:\windows\1280_1024 Think Americas Map.bmp
2010-03-03 15:55:59 3145784 ----a-w- c:\windows\1024_768 Think Americas Map.bmp
2010-03-03 15:55:59 3072056 ----a-w- c:\windows\1280_800 Think Americas Map.bmp
2010-03-03 15:55:59 2949176 ----a-w- c:\windows\1280_768 Think Americas Map.bmp
2010-03-03 15:53:27 0 d-----w- c:\program files\Lenovo Registration
2010-03-03 15:53:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Lenovo
2010-03-03 15:52:35 0 d-----w- c:\program files\ThinkVantage
2010-03-03 15:52:31 0 d-----w- c:\program files\Sonic Icons for Lenovo
2010-03-03 15:52:26 0 d-----w- c:\program files\Sonic
2010-03-03 15:52:26 0 d-----w- c:\program files\common files\SureThing Shared
2010-03-03 15:52:01 0 d-----w- c:\program files\Multimedia Center for Think Offerings
2010-03-03 15:52:01 0 d-----w- c:\program files\common files\Sonic Shared
2010-03-03 15:51:33 21060 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2010-03-03 15:51:05 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-03-03 15:51:05 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-03-03 15:51:05 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-03-03 15:51:05 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-03-03 15:51:04 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-03-03 15:51:04 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-03-03 15:51:00 0 d-----w- c:\program files\InterVideo
2010-03-03 15:50:48 0 d-----w- c:\program files\common files\InterVideo
2010-03-03 15:49:35 0 d-----w- c:\windows\system32\(null)
2010-03-03 15:49:32 0 d-----w- c:\program files\common files\Lenovo
2010-03-03 15:49:27 21376 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-03-03 15:46:00 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-03-03 15:45:12 0 d-----w- c:\program files\Analog Devices
2010-03-03 15:43:23 0 d-----w- c:\program files\Digital Line Detect
2010-03-03 15:43:20 0 d-----w- c:\program files\NetWaiting
2010-03-03 15:43:11 0 d-----w- c:\program files\CONEXANT
2010-03-03 15:42:49 988800 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2010-03-03 15:42:49 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-03-03 15:42:49 730112 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-03-03 15:42:49 209664 ----a-w- c:\windows\system32\drivers\HSFHWAZL.sys
2010-03-03 15:42:49 176128 ----a-w- c:\windows\system32\UCI32M16.dll
2010-03-03 15:42:49 144201 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2010-03-03 15:42:49 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-03 15:42:20 12848 ----a-w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-03-03 15:42:20 0 d-----w- c:\program files\Lenovo
2010-03-03 15:41:40 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-03-03 15:41:40 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-03-03 15:41:39 868042 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-03-03 15:41:15 16384 ----a-w- c:\windows\PWMBTHLP.EXE
2010-03-03 15:41:14 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-03-03 15:41:14 0 d-----w- c:\program files\ThinkPad
2010-03-03 15:40:32 9598080 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2010-03-03 15:40:32 569344 ----a-w- c:\windows\vsnp2uvc.exe
2010-03-03 15:40:32 15497 ----a-w- c:\windows\snp2uvc.ini
2010-03-03 15:40:32 13022 ----a-w- c:\windows\snp2uvc.src
2010-03-03 15:40:31 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
2010-03-03 15:40:31 299008 ----a-w- c:\windows\system32\vsnp2uvc.dll
2010-03-03 15:40:31 27904 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2010-03-03 15:40:31 167936 ----a-w- c:\windows\system32\rsnp2uvc.dll
2010-03-03 15:40:31 0 d-----w- c:\program files\common files\snp2uvc
2010-03-03 15:39:34 0 d-----w- c:\windows\system32\ReinstallBackups
2010-03-03 15:39:33 65536 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-03-03 15:39:32 77824 ----a-w- c:\windows\system32\SynTPCoI.dll
2010-03-03 15:39:32 225664 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-03-03 15:39:32 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2010-03-03 15:39:32 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-03-03 15:39:32 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-03-03 15:39:32 0 d-----w- c:\program files\Synaptics
2010-03-03 15:39:06 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-03 15:39:06 21393 ----a-w- c:\windows\AegisP.sys
2010-03-03 15:39:06 13864 ----a-w- c:\windows\AegisP.inf
2010-03-03 15:39:06 10640 ----a-w- c:\windows\AegisP.cat
2010-03-03 15:38:34 684032 ----a-w- c:\windows\system32\NETw4c32.dll
2010-03-03 15:38:34 2772992 ----a-w- c:\windows\system32\NETw4r32.dll
2010-03-03 15:38:34 2206976 ----a-w- c:\windows\system32\drivers\NETw4x32.sys
2010-03-03 15:38:16 0 d-----w- c:\program files\MSXML 4.0
2010-03-03 15:35:41 28672 ----a-w- c:\windows\system32\verclsid.exe
2010-03-03 15:31:59 0 d-----w- c:\program files\Windows Media Connect 2
2010-03-03 15:31:51 0 d-----w- c:\windows\RegisteredPackages
2010-03-03 15:31:39 138 ----a-w- c:\windows\system32\Softkbd.exe.config
2010-03-03 15:28:16 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys
2010-03-03 15:25:59 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-03-03 15:25:58 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-03-03 15:25:58 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-03-03 15:25:41 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-03-03 15:25:41 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-03-03 15:25:29 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-03-03 15:25:29 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-03-03 15:25:28 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-03-03 15:25:18 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-03-03 15:24:04 7710 ----a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2010-03-03 15:24:04 4608 ----a-w- c:\windows\system32\Thumbs.db
2010-03-03 15:24:02 36400 ----a-w- c:\windows\system32\ibmpmsvc.exe
2010-03-03 15:24:02 35376 ----a-w- c:\windows\system32\tpinspm.dll
2010-03-03 15:24:02 21424 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2010-03-03 15:24:02 144384 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-03-03 15:24:01 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-03-03 15:24:01 45568 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-03-03 15:24:01 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-03-03 15:24:01 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-03-03 15:24:01 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-03-03 15:24:00 81280 ----a-w- c:\windows\system32\drivers\LenovoRd.sys
2010-03-03 15:23:59 66424 ----a-w- c:\windows\system32\NicEtCoE.dll
2010-03-03 15:23:59 62840 ----a-w- c:\windows\system32\NicInstE.dll
2010-03-03 15:23:59 2889 ----a-w- c:\windows\system32\e1e5132.din
2010-03-03 15:23:59 28536 ----a-w- c:\windows\system32\NicCo.dll
2010-03-03 15:23:59 252048 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2010-03-03 15:23:59 179048 ----a-w- c:\windows\system32\e1000msg.dll
2010-03-03 15:23:59 154496 ----a-w- c:\windows\system32\Prounstl.exe
2010-03-03 15:23:58 98304 ----a-w- c:\windows\system32\TPMDDL.dll
2010-03-03 15:23:58 15872 ----a-w- c:\windows\system32\drivers\atmeltpm.sys
2010-03-03 15:23:56 0 d-----w- C:\drivers
2010-03-03 15:23:55 93 ------w- C:\syslevel.lgl
2010-03-03 15:17:10 0 d---a-w- C:\SWTOOLS
2010-03-03 15:14:42 0 d-----w- C:\I386

==================== Find3M ====================

2010-03-16 21:38:04 15596 ----a-w- c:\windows\fonts\3of9.ttf
2010-03-16 21:38:03 84544 ----a-w- c:\windows\fonts\EMPRNTN.TTF
2010-03-16 21:38:03 43792 ----a-w- c:\windows\fonts\DAUPHINN.TTF
2010-03-16 21:38:03 41788 ----a-w- c:\windows\fonts\TECHNCLI.TTF
2010-03-16 21:38:03 39852 ----a-w- c:\windows\fonts\TECHNCLN.TTF
2010-03-16 21:38:03 27016 ----a-w- c:\windows\fonts\usg_arch.ttf
2010-03-03 15:57:45 36624 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-01-05 10:00:21 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

============= FINISH: 19:57:16.68 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-29 21:53:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\bharvey\LOCALS~1\Temp\fgtdypod.sys


---- System - GMER 1.0.15 ----

SSDT 8947AD60 ZwCreateKey
SSDT 8947BF00 ZwCreateMutant
SSDT 8947A260 ZwCreateProcess
SSDT 8947A520 ZwCreateProcessEx
SSDT 8947BBC0 ZwCreateThread
SSDT 8947B2E0 ZwDeleteKey
SSDT 8947B5A0 ZwDeleteValueKey
SSDT 8947BD60 ZwLoadDriver
SSDT 8947A7E0 ZwOpenProcess
SSDT 8947C0A0 ZwSetSystemInformation
SSDT 8947B020 ZwSetValueKey
SSDT 8947AAA0 ZwTerminateProcess
SSDT 8947BA20 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\css.dat 12288 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 5169 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 17680 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_0472d167-b286-473c-82cf-e1b3d23d3500 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_0472d167-b286-473c-82cf-e1b3d23d3500 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_0472d167-b286-473c-82cf-e1b3d23d3500 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0472d167-b286-473c-82cf-e1b3d23d3500 893 bytes
File C:\RRbackups\Documents and Settings\bharvey 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\bharvey.pwm 1214 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\encobject.dat 14472 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\hwkeys.dat 8496 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\444dba55a32c0b69e494046827dbda56_0472d167-b286-473c-82cf-e1b3d23d3500 48 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\49ac1cf87687c5a4c794042acbff288e_0472d167-b286-473c-82cf-e1b3d23d3500 2075 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\533145ef011ddf5ca3983e2545a902b4_0472d167-b286-473c-82cf-e1b3d23d3500 2075 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\6b29ae44e85efac3c72ff4d1865d73f1_0472d167-b286-473c-82cf-e1b3d23d3500 53 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\8f71098770f72c7a67cd8f1151619865_0472d167-b286-473c-82cf-e1b3d23d3500 54 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-2674364843-294889289-3141611571-1138 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-2674364843-294889289-3141611571-1138\c7c86e8f-e4a3-4698-9e7f-e967b67f7bec 664 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-2674364843-294889289-3141611571-1138\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\user 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1650460308-2882109139-513504003-1005 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1650460308-2882109139-513504003-1005\6b29ae44e85efac3c72ff4d1865d73f1_0472d167-b286-473c-82cf-e1b3d23d3500 53 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1650460308-2882109139-513504003-1005\83aa4cc77f591dfc2374580bbd95f6ba_0472d167-b286-473c-82cf-e1b3d23d3500 45 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1650460308-2882109139-513504003-1005 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1650460308-2882109139-513504003-1005\3abb6c61-2626-4276-b731-e2ad42825ec4 388 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1650460308-2882109139-513504003-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes

---- EOF - GMER 1.0.15 ----
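The SSDT entries in the GMER log above carry only a kernel address and no module name; that is how GMER prints a hook whose address it could not map to a loaded driver image. The page does not say which driver owns those addresses, so that has to be established rather than assumed (a behaviour-monitoring AV driver is one common benign source of this pattern, but this log on its own does not prove it). The script below is an added example, not part of the original post and not GMER's own code: it parses the System and Devices sections of a GMER log and produces a short, neutral triage list: unresolved hooks grouped by 64 KiB address window, attributed hooks grouped by owning module, attached-device filters whose driver has no file description, and any `Disk` lines, which GMER uses for sector-level (MBR) findings when it has any (none appear in the log above, which by itself is not evidence of a clean MBR). The embedded sample log is constructed from the same line shapes as the real log; `example.sys` and `unknown.sys` are hypothetical entries added so both hook formats and the missing-description case are exercised.

```python
"""Triage helper for GMER rootkit-scan logs (added example; not part of the page or of GMER)."""
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER log above.  The three raw-address
# SSDT lines and the Trend Micro / Synaptics device lines mirror the real log;
# example.sys (an attributed hook) and unknown.sys (a filter with no file
# description) are hypothetical, added so both line shapes are exercised.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-29 21:53:05

---- System - GMER 1.0.15 ----

SSDT 8947AD60 ZwCreateKey
SSDT 8947A260 ZwCreateProcess
SSDT 8947BD60 ZwLoadDriver
SSDT \SystemRoot\system32\drivers\example.sys (Example Filter/Example Corp.) ZwOpenFile [0xF7A1B2C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Disk \Device\Harddisk0\DR0 unknown.sys

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <addr> ZwX"                          -> address GMER could not map to a module
# "SSDT <module> (<description>) ZwX [0x<addr>]" -> hook attributed to a driver image
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-F]+)\])?$", re.I)
OWNER_RE = re.compile(r"^(?P<module>\S+)(?:\s+\((?P<desc>.*)\))?$")
HEX_RE = re.compile(r"^[0-9A-F]{8}$", re.I)
DEV_RE = re.compile(r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver_obj>\S+)\s+(?P<device>\S+)\s+"
                    r"(?P<module>\S+)(?:\s+\((?P<desc>.*)\))?$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<detail>.*)$")


def parse_gmer(text):
    """Return (hooks, devices, disk) lists parsed from the text of a GMER log."""
    hooks, devices, disk = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            owner = m.group("owner")
            if HEX_RE.match(owner):          # bare address: GMER found no owning module
                hooks.append({"func": m.group("func"), "module": None,
                              "desc": None, "addr": owner.upper()})
            else:                            # "<module> (<description>)" form
                om = OWNER_RE.match(owner)
                addr = m.group("addr")
                hooks.append({"func": m.group("func"), "module": om.group("module"),
                              "desc": om.group("desc"), "addr": addr.upper() if addr else None})
        elif m := DEV_RE.match(line):
            devices.append(m.groupdict())
        elif m := DISK_RE.match(line):
            disk.append(m.groupdict())
    return hooks, devices, disk


def triage(hooks, devices, disk):
    """Turn parsed entries into short, neutral findings suitable for a per-machine diff."""
    findings = []
    unresolved = defaultdict(list)   # 64 KiB address window -> hooked functions
    owned = defaultdict(list)        # module path -> hooked functions
    for h in hooks:
        if h["module"] is None:
            unresolved[h["addr"][:4] + "xxxx"].append(h["func"])
        else:
            owned[h["module"]].append(h["func"])
    for window, funcs in sorted(unresolved.items()):
        findings.append(f"unresolved: {len(funcs)} SSDT hook(s) near {window} "
                        f"({', '.join(sorted(funcs))}); identify the owning driver")
    for module, funcs in sorted(owned.items()):
        findings.append(f"attributed: {len(funcs)} SSDT hook(s) owned by {module}")
    for d in devices:
        if not d["desc"]:                    # no version resource: worth a signature check
            findings.append(f"device: {d['module']} attached to {d['device']} has no "
                            f"file description; verify its signature and origin")
    for d in disk:                           # sector-level findings are always surfaced
        findings.append(f"disk: {d['device']} {d['detail']}")
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for finding in triage(*parse_gmer(text)):
        print(finding)
```

Run it against each machine's saved gmer.log and diff the outputs across the ten PCs: hooks and filters common to every host belong to the shared software image (Trend Micro, Lenovo, Synaptics), while a hook window or attached filter that appears on only one host is where the process of elimination should start.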





#2 schrauber

schrauber
    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:51 PM
Posted 02 April 2010 - 02:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 bxharv2

bxharv2
  • Topic Starter
  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 05 April 2010 - 12:26 PM

Thank you for working with me.

I am currently running the GMER scan.

I have been working with the ISP to isolate which computer is the source of the problem.

I have ruled out my server. I do think it is the PC I am currently scanning.

I will reply shortly, I just wanted to demonstrate that I still need your help.

Thank you.

PS: I lived in Saarbrücken in the early 90s. I do miss the Saarland.

#4 bxharv2

bxharv2
  • Topic Starter
  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 05 April 2010 - 02:10 PM

New DDS and GMER Logs

DDS (Ver_10-03-17.01) - NTFSx86
Run by bharvey at 9:23:16.12 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2096 [GMT -6:00]

AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning enabled* (Updated) {2C78C58A-731D-4DB7-AB8C-395DAAC30034}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {2C78C58A-731D-4DB7-AB8C-395DAAC30034}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\bharvey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1003\TmIEPlg.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\amsg.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [OE] "c:\program files\trend micro\client server security agent\tmas_oe\TMAS_OEMon.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1003\TmIEPlg.dll
Notify: ACNotify - ACNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina psqlpwd

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-3-18 87064]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-12 54752]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-18 50704]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2008-10-29 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2008-10-29 36368]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-3-3 81280]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-10-29 339984]
R3 tmpfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2010-3-18 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-3-18 689416]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 DK12DRV;DK12 WindowsNT Driver;c:\windows\system32\drivers\dk12drv.sys --> c:\windows\system32\drivers\DK12DRV.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-12 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-12 8456]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]

=============== Created Last 30 ================

2010-04-01 18:00:53 0 d-----w- c:\docume~1\bharvey\applic~1\Facebook
2010-03-23 23:51:37 0 d-----w- c:\docume~1\bharvey\applic~1\Office Genuine Advantage
2010-03-23 23:50:36 0 d-----w- c:\docume~1\bharvey\applic~1\Windows Search
2010-03-23 23:37:25 0 d-----w- c:\docume~1\bharvey\applic~1\Windows Desktop Search
2010-03-23 23:36:51 0 d-----w- c:\program files\Windows Desktop Search
2010-03-23 23:34:24 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-03-23 14:57:33 302 ----a-w- c:\program files\temp995.bat
2010-03-22 15:09:14 0 d-----w- C:\_SMA
2010-03-18 18:11:16 0 d-----w- c:\docume~1\bharvey\applic~1\SonicWALL
2010-03-18 18:06:24 87064 ----a-w- c:\windows\system32\drivers\SWIPsec.sys
2010-03-18 18:05:02 0 d-----w- c:\program files\common files\Deterministic Networks
2010-03-18 18:05:01 0 d-----w- c:\program files\SonicWALL
2010-03-18 18:00:32 0 d-----w- c:\docume~1\bharvey\applic~1\UltraVNC
2010-03-18 17:59:38 0 d-----w- c:\program files\UltraVNC
2010-03-18 16:52:20 28 ----a-w- c:\windows\pdf995.ini
2010-03-18 16:45:41 60 ----a-w- c:\windows\wpd99.drv
2010-03-18 16:45:41 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-03-18 16:45:41 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-03-18 16:45:41 0 d-----w- c:\docume~1\alluse~1\applic~1\pdf995
2010-03-18 16:45:39 0 d-----w- c:\program files\pdf995
2010-03-18 15:32:54 0 d-----w- C:\temp
2010-03-18 15:28:53 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-18 15:28:53 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-18 15:28:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-03-18 15:27:47 31 ----a-w- C:\tmuninst.ini
2010-03-18 15:26:03 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-18 15:25:58 0 d-----w- c:\windows\system32\log
2010-03-18 15:25:56 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-17 20:29:56 0 d-----w- c:\docume~1\bharvey\applic~1\Malwarebytes
2010-03-17 20:29:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 20:29:51 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 20:29:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 20:29:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-17 17:15:47 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-17 17:15:47 249856 ------w- c:\windows\Setup1.exe
2010-03-17 17:11:29 0 d-----w- c:\program files\Razor Gage Parts List Processor V5.21
2010-03-17 16:34:00 0 d-----w- c:\program files\common files\supportsoft
2010-03-17 16:33:46 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-03-17 16:33:46 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2010-03-17 16:32:27 0 d-----w- c:\program files\common files\Intuit
2010-03-17 16:32:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-03-17 16:32:26 0 d-----w- c:\program files\Intuit
2010-03-17 16:29:12 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-03-17 15:59:03 0 d-----w- c:\program files\Akamai
2010-03-17 15:58:37 0 d-----w- c:\program files\QuickBooks
2010-03-16 23:06:33 72016 ------w- c:\docume~1\bharvey\applic~1\GDIPFONTCACHEV1.DAT
2010-03-16 22:01:35 0 d-----w- C:\Planit_CVParts
2010-03-16 22:01:23 0 d-----w- C:\Planit_NC-Output_Fileholding
2010-03-16 22:01:12 0 d-----w- C:\Planit_CVNest
2010-03-16 22:01:03 0 d-----w- C:\Planit_CVChopSaw
2010-03-16 21:44:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2010-03-16 21:43:51 0 d-----w- c:\program files\common files\Planit
2010-03-16 21:43:50 0 d-----w- c:\program files\AlphaV75
2010-03-16 21:43:45 0 d-----w- c:\program files\TEC-IT
2010-03-16 21:41:46 0 d-----w- c:\program files\common files\SafeNet Sentinel
2010-03-16 21:39:01 0 d-----w- C:\Planit
2010-03-16 21:20:56 118784 ----a-w- c:\windows\system32\ACAMMDLINK.dll
2010-03-16 21:20:41 390656 ----a-w- c:\windows\system32\AlphaViewer.ocx
2010-03-16 21:12:54 18728 ----a-w- c:\windows\system32\ISHF_Ex.tlb
2010-03-16 21:12:49 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-03-16 21:12:27 0 d-----w- C:\CADFILES
2010-03-16 21:12:14 0 d-----w- C:\LICOMDIR
2010-03-16 21:12:07 0 d-----w- C:\LICOMDAT
2010-03-16 21:09:38 110080 ----a-w- c:\windows\system32\xapi.dll
2010-03-16 21:08:20 0 d-----w- c:\docume~1\alluse~1\applic~1\LicomSystems
2010-03-16 21:03:57 0 d-----w- c:\program files\ALPHAV7
2010-03-16 17:38:16 0 d-----w- c:\program files\HP
2010-03-16 17:15:06 0 d--h--w- c:\program files\Avago-HP
2010-03-16 17:14:55 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2010-03-16 17:14:55 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-03-16 17:08:11 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-16 17:08:11 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-15 21:22:05 1434 ----a-w- c:\windows\KEYORG.INI
2010-03-15 21:22:05 0 d-----w- c:\documents and settings\bharvey\WINDOWS
2010-03-15 21:21:48 0 d-----w- C:\KEYORG
2010-03-15 21:03:50 0 d-----w- c:\program files\common files\Merge Modules
2010-03-15 21:03:13 0 d-----w- c:\program files\common files\Business Objects
2010-03-15 21:03:13 0 d-----w- c:\program files\Business Objects
2010-03-15 15:30:26 0 d-----w- c:\documents and settings\bharvey\Tracing
2010-03-15 14:19:59 0 d-----w- c:\docume~1\bharvey\applic~1\nView_Wallpaper
2010-03-15 14:13:58 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-15 14:13:58 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-15 14:13:55 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-15 14:13:55 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-15 14:13:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-15 14:13:46 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-13 20:53:51 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-13 20:53:50 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-13 20:53:16 0 d-----w- c:\program files\iPod
2010-03-13 20:53:13 0 d-----w- c:\program files\iTunes
2010-03-13 20:53:13 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-13 20:53:00 0 d-----w- c:\program files\Bonjour
2010-03-13 00:12:38 14814 ----a-w- c:\windows\cfgall.ini
2010-03-13 00:09:02 516 ----a-w- c:\windows\ODBC.INI
2010-03-13 00:08:28 0 d-----w- c:\program files\Microsoft ActiveSync
2010-03-13 00:06:53 0 d-----w- c:\windows\ShellNew
2010-03-13 00:06:50 0 d-----w- c:\program files\common files\L&H
2010-03-12 23:20:09 0 d-----w- C:\regbackup
2010-03-12 23:19:02 0 d-----w- c:\program files\CCleaner
2010-03-12 22:56:46 0 d-----w- c:\program files\Trend Micro
2010-03-12 22:51:51 0 d-sh--w- c:\documents and settings\bharvey\IECompatCache
2010-03-12 22:43:17 0 d-sh--w- c:\documents and settings\bharvey\PrivacIE
2010-03-12 22:35:46 0 d-----w- c:\docume~1\bharvey\applic~1\Intel
2010-03-12 22:35:26 0 d-----w- c:\program files\Microsoft Windows Small Business Server
2010-03-12 22:35:18 0 d-----w- c:\docume~1\bharvey\applic~1\Lenovo
2010-03-12 21:18:12 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-03-12 21:18:12 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-03-12 21:18:12 1692288 ----a-w- c:\windows\system32\BootMan.exe
2010-03-12 21:18:12 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-03-12 21:18:12 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-03-12 21:18:07 0 d-----w- c:\program files\EASEUS
2010-03-12 21:13:29 0 d-----w- C:\utilities
2010-03-12 20:36:42 0 d-----w- c:\windows\system32\NtmsData
2010-03-12 16:11:59 122389 ----a-w- c:\windows\system32\nvModes.dat
2010-03-12 16:11:59 122389 ----a-w- c:\windows\system32\nvModes.001
2010-03-12 16:07:47 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-03-12 16:06:34 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-03-12 16:06:31 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-12 16:05:50 0 d-----w- c:\program files\Microsoft
2010-03-12 16:05:33 0 d-----w- c:\program files\Windows Live SkyDrive
2010-03-12 15:52:58 0 d-----w- c:\program files\common files\Windows Live
2010-03-12 15:52:18 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-12 15:52:08 0 d-----w- c:\windows\ie8updates
2010-03-12 15:51:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-12 15:51:49 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-12 15:50:27 0 dc-h--w- c:\windows\ie8
2010-03-12 15:46:42 37255 ----a-w- c:\windows\system32\nvwsapps.xml
2010-03-12 15:44:40 0 d-----w- c:\windows\system32\LogFiles
2010-03-12 15:27:17 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-16 21:38:04 15596 ----a-w- c:\windows\fonts\3of9.ttf
2010-03-16 21:38:03 84544 ----a-w- c:\windows\fonts\EMPRNTN.TTF
2010-03-16 21:38:03 43792 ----a-w- c:\windows\fonts\DAUPHINN.TTF
2010-03-16 21:38:03 41788 ----a-w- c:\windows\fonts\TECHNCLI.TTF
2010-03-16 21:38:03 39852 ----a-w- c:\windows\fonts\TECHNCLN.TTF
2010-03-16 21:38:03 27016 ----a-w- c:\windows\fonts\usg_arch.ttf
2010-03-03 16:23:50 50 ----a-w- c:\windows\system32\drivers\LENOVO_6459_CTO.MRK
2010-03-03 15:57:54 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2010-03-03 15:57:45 36624 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-03 15:57:45 129784 ----a-w- c:\windows\system32\pxafs.dll
2010-03-03 15:57:45 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-03 15:57:44 115960 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-03 15:57:09 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-03-03 15:39:06 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-03 15:39:06 21393 ----a-w- c:\windows\AegisP.sys

============= FINISH: 9:23:37.24 ===============



GMER run in safe mode
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 12:51:22
Windows 5.1.2600 Service Pack 3
Running: f2xtgb7.exe; Driver: C:\DOCUME~1\bharvey\LOCALS~1\Temp\fgtdypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs B99ED400

---- EOF - GMER 1.0.15 ----


#5 bxharv2 (Topic Starter)

Posted 05 April 2010 - 07:05 PM

My second GMER log, run while in safe mode, seemed incomplete compared to my first run.

The following is GMER run after normal boot and without network access.

Further, my computer is definitely slower and locks up repeatedly. I think that my PC is the infected one on the network. I will confirm tomorrow with a new report from the ISP.

Thanks again for looking at my issue.

bxharv2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 17:47:23
Windows 5.1.2600 Service Pack 3
Running: f2xtgb7.exe; Driver: C:\DOCUME~1\bharvey\LOCALS~1\Temp\fgtdypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\css.dat 12288 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 6382 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 17680 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_0472d167-b286-473c-82cf-e1b3d23d3500 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_0472d167-b286-473c-82cf-e1b3d23d3500 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_0472d167-b286-473c-82cf-e1b3d23d3500 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0472d167-b286-473c-82cf-e1b3d23d3500 893 bytes
File C:\RRbackups\Documents and Settings\bharvey 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\bharvey.pwm 1214 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\encobject.dat 14472 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\hwkeys.dat 8496 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\444dba55a32c0b69e494046827dbda56_0472d167-b286-473c-82cf-e1b3d23d3500 48 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\49ac1cf87687c5a4c794042acbff288e_0472d167-b286-473c-82cf-e1b3d23d3500 2075 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\533145ef011ddf5ca3983e2545a902b4_0472d167-b286-473c-82cf-e1b3d23d3500 2075 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\6b29ae44e85efac3c72ff4d1865d73f1_0472d167-b286-473c-82cf-e1b3d23d3500 53 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2674364843-294889289-3141611571-1138\8f71098770f72c7a67cd8f1151619865_0472d167-b286-473c-82cf-e1b3d23d3500 54 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-2674364843-294889289-3141611571-1138 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-2674364843-294889289-3141611571-1138\c7c86e8f-e4a3-4698-9e7f-e967b67f7bec 664 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-2674364843-294889289-3141611571-1138\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\bharvey\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\user 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1650460308-2882109139-513504003-1005 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1650460308-2882109139-513504003-1005\6b29ae44e85efac3c72ff4d1865d73f1_0472d167-b286-473c-82cf-e1b3d23d3500 53 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1650460308-2882109139-513504003-1005\83aa4cc77f591dfc2374580bbd95f6ba_0472d167-b286-473c-82cf-e1b3d23d3500 45 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\c0245923-314a-4b57-a5d1-936fddee8a70 388 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1058714780-3117422740-1102063588-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1650460308-2882109139-513504003-1005 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1650460308-2882109139-513504003-1005\3abb6c61-2626-4276-b731-e2ad42825ec4 388 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1650460308-2882109139-513504003-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\bd4d6a9d-ec3f-4b6a-9068-4c864ec3111d 388 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-908820952-3365813215-1211490332-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes

---- EOF - GMER 1.0.15 ----


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:51 PM

Posted 06 April 2010 - 02:16 PM

Hello, bxharv2
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



QUOTE
PS- I lived in Saarbruecken in the early 90s. I do miss the Saarland


Where in Saarbruecken? I live 10 kilometers away from Saarbruecken



Download and run HAMeb_check.exe
Post the contents of the resulting log.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 bxharv2

bxharv2
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 06 April 2010 - 02:37 PM


Thomas,

I was there on a mission for my church. My German has long since been lost. I can still understand and read a lot, but I can no longer speak it at all.

It is nice that your English is so good.

Please see the following.

Brandon


C:\Documents and Settings\bharvey\Desktop\HAMeb_check.exe
Tue 04/06/2010 at 13:25:17.22

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
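The HAMeb_check log above walks through a fixed set of indicators (the HelpAssistant account state, its profile and directories, the MBR verdict from Gmer's detector, the Terminal Services ServiceDll and any termsrv32.dll, and the firewall's GloballyOpenPorts keys). The following is an added example, not part of the thread or of HAMeb_check itself, that parses a log in that format and reports which checks came back clean. It assumes the "clean" wording shown in the posted log; the "dirty" variant it builds for comparison (account enabled, ServiceDll pointing at termsrv32.dll, one open port) uses constructed strings, since the tool's wording for a hit is not on the page, and anything that deviates from the clean wording is simply surfaced for a human to look at.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled line-for-line on the HAMeb_check log posted
# above. Only the "clean" wording comes from that post; anything that
# deviates from it is reported as a finding for a human to review.
CLEAN_LOG = r"""
Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships
~~ Checking profile list ~~
No HelpAssistant profile in List
~~ Checking for HelpAssistant directories ~~
none found
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
~~ Checking for termsrv32.dll ~~
termsrv32.dll was not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
"""

# Constructed "dirty" variant: HelpAssistant enabled, the Terminal Services
# ServiceDll pointed at termsrv32.dll, and one globally open port. The exact
# wording HAMeb_check prints for a hit is not on the page, so these strings
# are assumptions for the demo only.
SUSPICIOUS_LOG = (
    CLEAN_LOG.replace("Account active No", "Account active Yes")
    .replace("termsrv32.dll was not found", "termsrv32.dll was found")
    .replace(r"System32\termsrv.dll", r"System32\termsrv32.dll")
    .replace("standardprofile\\GloballyOpenPorts\\List]\n",
             "standardprofile\\GloballyOpenPorts\\List]\n3389:TCP:*:Enabled:constructed\n")
)

SECTION_RE = re.compile(r"^~~ (.+?) ~~$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under their '~~ ... ~~' header; the account dump
    that precedes the first header is filed under 'account'."""
    sections: Dict[str, List[str]] = {"account": []}
    current = "account"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text: str) -> Dict[str, Tuple[bool, str]]:
    """Return {check: (is_clean, detail)} for each HAMeb_check section."""
    s = split_sections(text)
    out: Dict[str, Tuple[bool, str]] = {}

    active = [l for l in s["account"] if l.startswith("Account active")]
    # HelpAssistant is disabled on a stock XP box; an enabled account needs a look.
    out["helpassistant_account"] = (bool(active) and active[0].endswith(" No"),
                                    active[0] if active else "no 'Account active' line")

    prof = s.get("Checking profile list", [])
    out["helpassistant_profile"] = (prof == ["No HelpAssistant profile in List"], " | ".join(prof))

    dirs = s.get("Checking for HelpAssistant directories", [])
    out["helpassistant_dirs"] = (dirs == ["none found"], " | ".join(dirs))

    mbr = s.get("Checking mbr", [])
    # Anything other than the detector's "user & kernel MBR OK" verdict is a finding.
    out["mbr"] = ("user & kernel MBR OK" in mbr, "; ".join(l for l in mbr if "MBR" in l))

    ts = s.get("Checking for termsrv32.dll", [])
    svc = [l for l in ts if l.startswith("ServiceDll")]
    svc_ok = bool(svc) and svc[0].lower().endswith("\\system32\\termsrv.dll")
    out["termsrv"] = ("termsrv32.dll was not found" in ts and svc_ok, " | ".join(ts))

    fw = s.get("Checking firewall ports", [])
    # Any non-header line under the GloballyOpenPorts keys is a port opened for everyone.
    ports = [l for l in fw if not l.startswith("[")]
    out["firewall_open_ports"] = (not ports, ", ".join(ports) or "none listed")
    return out


def is_clean(text: str) -> bool:
    return all(ok for ok, _ in triage(text).values())


if __name__ == "__main__":
    for name, log in (("clean sample", CLEAN_LOG), ("suspicious sample", SUSPICIOUS_LOG)):
        print(f"== {name}: {'CLEAN' if is_clean(log) else 'FINDINGS'}")
        for check, (ok, detail) in triage(log).items():
            print(f"  [{'ok' if ok else '!!'}] {check}: {detail}")
```

Run it as-is to see both samples triaged, or feed `triage()` the text of a real HAMeb_check log. The checks are deliberately strict in one direction: a section is only marked clean when it matches the known-good wording, so an unfamiliar tool version or a truncated log shows up as a finding rather than silently passing.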


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:51 PM

Posted 06 April 2010 - 03:09 PM

Hi

Your German is really fine



Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#9 bxharv2

bxharv2
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 06 April 2010 - 03:45 PM

Thomas

Here is the ComboFix.txt from C:\Schrauber\ComboFix.txt

There was no file at C:\ComboFix.txt



ComboFix 10-04-05.06 - bharvey 04/06/2010 14:22:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2381 [GMT -6:00]
Running from: C:\Documents and Settings\bharvey\Desktop\Schrauber.exe
AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning disabled* (Outdated) {2C78C58A-731D-4DB7-AB8C-395DAAC30034}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {2C78C58A-731D-4DB7-AB8C-395DAAC30034}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

When the PC rebooted, it allowed me to log in, then it blue-screened and rebooted by itself, again allowing me to log in. The serious issue report is as follows


Error Signature
BCCode : 1000000a BCP1 : 00000016 BCP2 : 0000001C BCP3 : 00000000
BCP4 : 804FA276 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

These files will be included in report

C:\DOCUME~1\bharvey\LOCALS~1\Temp\WERd7dd.dir00\Mini040610-01.dmp
C:\DOCUME~1\bharvey\LOCALS~1\Temp\WERd7dd.dir00\sysdata.xml

Thomas, are we any closer??

Brandon

#10 bxharv2

bxharv2
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 06 April 2010 - 05:25 PM

Tom,

As I look at others' combofix.txt logs, it would seem that it was unable to compile the combofix.txt log on restart. When it automatically restarted, the Combofix window came up and said that it was completing its task. Then the machine blue-screened.





#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:51 PM

Posted 08 April 2010 - 12:09 PM

Hi,

No logfile at C:\Combofix.txt?

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#12 bxharv2

bxharv2
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 08 April 2010 - 12:27 PM

My SonicWALL Gateway Anti-Virus Service Blocked the download.

How do I enable download?

#13 bxharv2

bxharv2
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 08 April 2010 - 12:47 PM

I got past my SonicWALL and got OTL to run.

Here are the logs. However, TrendMicro blocked unauthorized changes throughout scan.


OTL logfile created on: 4/8/2010 11:34:08 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\bharvey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.94 Gb Total Space | 102.33 Gb Free Space | 69.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 144.95 Gb Total Space | 144.42 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Drive G: | 174.28 Gb Total Space | 85.48 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 174.28 Gb Total Space | 85.48 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
Drive P: | 58.59 Gb Total Space | 26.68 Gb Free Space | 45.53% Space Free | Partition Type: NTFS

Computer Name: FCI13
Current User Name: bharvey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/08 11:32:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bharvey\Desktop\OTL.exe
PRC - [2010/03/18 09:21:56 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2009/10/08 11:35:52 | 000,943,400 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2009/09/30 16:09:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2009/09/30 16:07:10 | 001,299,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2009/09/16 18:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 17:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/07/15 17:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2009/07/06 08:19:04 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/05 23:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/07/04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/28 18:29:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/09/28 15:28:40 | 000,181,544 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/08/03 18:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/08/03 18:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/03 18:19:08 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 17:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 17:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 16:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 16:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/04/26 11:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/09 12:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/04/09 01:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/28 11:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/08 23:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 22:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/27 19:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/02/01 12:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/07 04:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/11/03 20:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/09/06 01:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 18:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/09/09 15:18:48 | 000,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2004/07/27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2004/07/14 15:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 11:32:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bharvey\Desktop\OTL.exe
MOD - [2009/01/15 02:37:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2009/01/15 02:37:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2008/04/14 07:42:12 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 07:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 01:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2007/08/03 18:42:18 | 000,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2007/08/03 18:42:16 | 000,738,616 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll
MOD - [2007/08/03 18:42:10 | 002,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
MOD - [2007/08/03 18:28:10 | 001,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
MOD - [2007/08/03 18:28:06 | 000,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
MOD - [2007/08/03 18:28:04 | 005,211,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll
MOD - [2007/08/03 18:27:46 | 001,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
MOD - [2007/08/03 18:27:42 | 000,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
MOD - [2007/08/03 18:19:10 | 000,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
MOD - [2007/08/03 18:19:06 | 000,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
MOD - [2007/08/03 18:09:56 | 000,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_think_res.dll
MOD - [2007/01/25 00:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/30 16:09:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009/09/30 16:07:10 | 001,299,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/09/16 17:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/15 17:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (tmpfw)
SRV - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/06 08:19:04 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/05 23:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/28 18:29:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/08/03 18:19:08 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 17:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 17:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/02/27 19:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\FirefoxExtension [2010/03/18 11:30:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/06 14:31:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FCI.local
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 01:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/29 18:12:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/08 11:32:37 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bharvey\Desktop\OTL.exe
[2010/04/06 15:44:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/06 14:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bharvey\My Documents\SafeNet Sentinel
[2010/04/06 14:21:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/06 14:20:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/06 14:20:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/06 14:20:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/06 14:20:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/06 14:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/06 14:20:27 | 000,000,000 | --SD | C] -- C:\Schrauber
[2010/04/06 14:19:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 12:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bharvey\Application Data\Facebook
[2010/03/25 17:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bharvey\Desktop\gmer
[2010/03/23 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/18 08:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2010/03/15 15:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/13 23:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/12 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/03/03 10:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/03 09:55:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/03 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/03/03 09:40:31 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/03/03 09:40:31 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2006/04/29 18:20:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/29 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/08 11:32:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bharvey\Desktop\OTL.exe
[2010/04/08 11:29:03 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\bharvey\NTUSER.DAT
[2010/04/08 10:39:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 10:01:27 | 000,014,814 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/04/08 09:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 08:58:03 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/04/07 17:59:30 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/04/07 15:47:21 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/06 14:36:23 | 000,565,872 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/06 14:36:23 | 000,474,062 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/06 14:36:23 | 000,082,346 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/06 14:34:49 | 000,122,389 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/06 14:34:35 | 000,037,255 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/04/06 14:34:23 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/06 14:33:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 14:33:43 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2010/04/06 14:33:01 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/04/06 14:31:58 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/04/06 14:31:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 14:31:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 14:31:51 | 3219,435,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/06 14:31:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/06 14:27:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\bharvey\ntuser.ini
[2010/04/06 14:21:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/06 14:18:35 | 003,908,251 | R--- | M] () -- C:\Documents and Settings\bharvey\Desktop\Schrauber.exe
[2010/04/06 13:25:15 | 000,485,704 | ---- | M] () -- C:\Documents and Settings\bharvey\Desktop\HAMeb_check.exe
[2010/04/01 15:02:39 | 000,000,644 | -H-- | M] () -- C:\Documents and Settings\bharvey\My Documents\SWWATER.INI
[2010/03/31 18:22:31 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\bharvey\Desktop\SPAM.url
[2010/03/31 15:41:47 | 000,670,072 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\bharvey\Desktop\autoruns.exe
[2010/03/31 15:41:47 | 000,559,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\bharvey\Desktop\autorunsc.exe
[2010/03/31 15:41:47 | 000,048,904 | ---- | M] () -- C:\Documents and Settings\bharvey\Desktop\autoruns.chm
[2010/03/31 15:39:55 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/30 16:35:24 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\bharvey\Desktop\Microtech.url
[2010/03/30 09:36:22 | 000,122,389 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 17:20:17 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\bharvey\Desktop\gmer.zip
[2010/03/25 16:50:34 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\bharvey\Desktop\dds.scr
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/07 15:47:21 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/06 14:44:37 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/04/06 14:21:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/06 14:21:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/06 14:20:34 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/06 14:20:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/06 14:20:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/06 14:20:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/06 14:20:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/06 14:18:23 | 003,908,251 | R--- | C] () -- C:\Documents and Settings\bharvey\Desktop\Schrauber.exe
[2010/04/06 13:25:07 | 000,485,704 | ---- | C] () -- C:\Documents and Settings\bharvey\Desktop\HAMeb_check.exe
[2010/04/05 13:03:21 | 3219,435,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/01 15:02:39 | 000,000,644 | -H-- | C] () -- C:\Documents and Settings\bharvey\My Documents\SWWATER.INI
[2010/03/31 18:22:21 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\bharvey\Desktop\SPAM.url
[2010/03/30 16:32:18 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\bharvey\Desktop\Microtech.url
[2010/03/29 13:05:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bharvey\rg4sfay.txt
[2010/03/25 17:20:14 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\bharvey\Desktop\gmer.zip
[2010/03/25 16:50:26 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\bharvey\Desktop\dds.scr
[2010/03/23 08:57:33 | 000,000,302 | ---- | C] () -- C:\Program Files\temp995.bat
[2010/03/19 17:39:13 | 000,037,798 | ---- | C] () -- C:\Documents and Settings\bharvey\Application Data\Comma Separated Values (Windows).ADR
[2010/03/18 10:52:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/18 10:45:41 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/18 10:45:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/03/18 09:28:53 | 000,059,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/03/18 09:28:53 | 000,050,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/03/18 09:26:03 | 000,158,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/03/16 15:09:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\xapi.dll
[2010/03/16 11:14:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2010/03/15 15:22:05 | 000,001,434 | ---- | C] () -- C:\WINDOWS\KEYORG.INI
[2010/03/13 17:26:18 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\bharvey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 18:12:38 | 000,014,814 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/03/12 18:10:58 | 000,011,696 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/03/12 18:09:02 | 000,000,516 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/12 16:35:18 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\bharvey\NTUSER.DAT
[2010/03/12 16:35:18 | 000,032,768 | -H-- | C] () -- C:\Documents and Settings\bharvey\ntuser.dat.LOG
[2010/03/12 16:35:18 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\bharvey\ntuser.ini
[2010/03/12 15:18:12 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/03/12 15:18:12 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/03/12 15:18:12 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/03/03 10:23:23 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/03/03 10:23:23 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/03/03 10:02:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/03 09:56:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/03/03 09:52:24 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/03 09:51:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/03/03 09:51:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/03/03 09:51:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/03/03 09:51:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/03/03 09:51:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/03/03 09:51:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/03/03 09:45:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/03/03 09:45:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/03/03 09:45:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/03/03 09:45:38 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/03/03 09:42:20 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2010/03/03 09:41:14 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/03/03 09:40:32 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/03/03 09:40:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/03/03 09:39:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/19 15:18:00 | 003,817,472 | ---- | C] () -- C:\WINDOWS\System32\SketchUpReader.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 00:37:40 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/07/27 00:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/02/27 19:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 19:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/16 09:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 01:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 01:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/09/14 21:43:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\eztw32.dll
[1996/11/18 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/01/16 12:53:08 | 000,007,684 | ---- | C] () -- C:\WINDOWS\System32\SCP.DLL
[1996/01/16 12:53:06 | 000,024,410 | ---- | C] () -- C:\WINDOWS\System32\OLE2PROX.DLL

========== LOP Check ==========

[2010/03/17 10:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/03/12 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/03/16 15:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LicomSystems
[2010/03/03 09:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/04/07 17:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/03/16 15:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/03 10:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/03/13 14:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/01 12:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\Facebook
[2010/03/13 17:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\InterVideo
[2010/03/18 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\Lenovo
[2010/04/06 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\nView_Wallpaper
[2010/03/18 10:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\pdf995
[2010/03/23 17:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\Windows Desktop Search
[2010/03/23 17:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bharvey\Application Data\Windows Search
[2010/04/06 14:34:23 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 04:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/03/15 00:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Program Files\ThinkVantage Fingerprint Software\eventlog.dll
[2008/04/14 07:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 07:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/11 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007/02/11 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 11:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 07:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 07:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 07:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/07/06 08:11:50 | 000,059,920 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tmactmon.sys
[2009/07/06 08:11:12 | 000,158,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tmcomm.sys
[2009/07/06 08:11:46 | 000,050,704 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tmevtmgr.sys

< %systemroot%\System32\config\*.sav >
[2006/04/29 18:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 18:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 18:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >



OTL Extras logfile created on: 4/8/2010 11:34:08 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\bharvey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.94 Gb Total Space | 102.33 Gb Free Space | 69.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 144.95 Gb Total Space | 144.42 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Drive G: | 174.28 Gb Total Space | 85.48 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 174.28 Gb Total Space | 85.48 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
Drive P: | 58.59 Gb Total Space | 26.68 Gb Free Space | 45.53% Space Free | Partition Type: NTFS

Computer Name: FCI13
Current User Name: bharvey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"50800:TCP" = 50800:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"50800:TCP" = 50800:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AlphaV75\ACAM.EXE" = C:\Program Files\AlphaV75\ACAM.EXE:*:Enabled:Alphacam -- (Licom Systems Ltd)
"C:\Program Files\AlphaV75\AEDIT.EXE" = C:\Program Files\AlphaV75\AEDIT.EXE:*:Enabled:Alphaedit -- (Licom Systems Ltd)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0F4E0339-21CA-4776-B115-FCC643022254}" = SetupAPC1033English
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{2DB17450-C3CA-11D4-B786-00C0DF227F4A}" = VBA (3821h)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3D025DB6-C0E5-4889-B573-E8C875A9F582}" = S2M Center 2.2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40624553-811E-400E-B69B-38D8926A66BD}" = SonicWALL Global VPN Client
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{546DACD8-9A8F-40C8-836C-868628501027}" = SetupMFC
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{62B74257-2E1B-48FB-843C-0FBA43FE1327}" = Sentinel System Driver Installer 7.4.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports XI
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7A19CF50-5CEB-4575-9568-BF85C96FB791}" = SetupAPCCore
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D0394C-C009-4EF0-983E-6905FDFC04A4}" = Alphacam Productivity Pack
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E37E351B-8976-4A51-9A95-6B19EF566C20}" = Solid 5.0
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE605C70-78B0-45B1-AD70-DF205DE654AB}" = SetupATL
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AlphaCAMDeInstKey" = Alphacam V75
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"Google Chrome" = Google Chrome
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D025DB6-C0E5-4889-B573-E8C875A9F582}" = S2M Center 2.2
"InstallShield_{E37E351B-8976-4A51-9A95-6B19EF566C20}" = Solid 5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pdf995" = Pdf995
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"PUBLISHERR" = Microsoft Office Publisher 2007
"Remove Multimedia Center" = Remove Multimedia Center
"ST6UNST #1" = Razor Gage Parts List Processor V5.21
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2010 4:25:15 PM | Computer Name = FCI13 | Source = Application Error | ID = 1000
Description = Faulting application bttray.exe, version 5.1.0.3100, faulting module
unknown, version 0.0.0.0, fault address 0x00c98ff0.

Error - 4/6/2010 4:25:15 PM | Computer Name = FCI13 | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x10078ff0.

Error - 4/6/2010 4:25:18 PM | Computer Name = FCI13 | Source = Application Error | ID = 1000
Description = Faulting application dkicon.exe, version 9.0.541.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000004.

Error - 4/6/2010 4:26:18 PM | Computer Name = FCI13 | Source = Application Error | ID = 1000
Description = Faulting application pelmiced.exe, version 1.1.0.4, faulting module
unknown, version 0.0.0.0, fault address 0x00968ff0.

Error - 4/6/2010 4:26:18 PM | Computer Name = FCI13 | Source = Application Error | ID = 1000
Description = Faulting application dlg.exe, version 1.0.0.2, faulting module unknown,
version 0.0.0.0, fault address 0x00be8ff0.

Error - 4/6/2010 4:27:03 PM | Computer Name = FCI13 | Source = nview_info | ID = 11141121
Description =

Error - 4/7/2010 7:45:06 PM | Computer Name = FCI13 | Source = QuickBooks | ID = 4
Description =

Error - 4/7/2010 7:45:06 PM | Computer Name = FCI13 | Source = QuickBooks | ID = 4
Description =

Error - 4/7/2010 7:45:06 PM | Computer Name = FCI13 | Source = QuickBooks | ID = 4
Description =

Error - 4/7/2010 7:51:05 PM | Computer Name = FCI13 | Source = QuickBooks | ID = 4
Description =

[ System Events ]
Error - 3/19/2010 12:02:53 AM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 3/21/2010 7:19:58 PM | Computer Name = FCI13 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain FCI due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/21/2010 7:20:06 PM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 3/21/2010 7:20:06 PM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 3/21/2010 7:20:08 PM | Computer Name = FCI13 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/21/2010 7:20:08 PM | Computer Name = FCI13 | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 3/21/2010 7:28:44 PM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 3/21/2010 7:43:47 PM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 3/21/2010 8:13:49 PM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 3/22/2010 9:24:51 AM | Computer Name = FCI13 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:51 PM

Posted 08 April 2010 - 03:27 PM

Hi,

Please update your version of Malwarebytes, run a quick scan and post back with the content of the logfile.
Regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#15 bxharv2

bxharv2
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Location:Great State of Idaho
  • Local time:03:51 PM

Posted 08 April 2010 - 07:35 PM


Tom,

Here is my mbam log.

Thanks,
Brandon


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2010 6:32:06 PM
mbam-log-2010-04-08 (18-32-06).txt

Scan type: Quick scan
Objects scanned: 122807
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




