Infected with unknown malware


  • This topic is locked
34 replies to this topic

#1 cjn007

cjn007

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Louisiana
  • Local time:11:29 AM

Posted 16 August 2010 - 05:17 PM

As stated in the topic description, I am infected with some unknown malware that creates scheduled tasks and then when the task runs, 2 random Internet Explorer popups open. I am able to kill the process in task manager and I have found that the file is located in the All Users\application data folder but even when I delete all the scheduled tasks and the file itself it keeps coming back. Please help!


DDS (Ver_10-03-17.01) - NTFSx86
Run by ClintN at 14:17:58.84 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.945 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PaperWise Suite V6\TamManager.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\clintn.MONROE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tfins.com/
uInternet Settings,ProxyServer = http=tfserver:3128
uInternet Settings,ProxyOverride = https://*;webmvr.com;https://www.webmvr.com;hxxp://remotedeposit.ctbonline.com;https://remotedeposit.ctbonline.com;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SolidConverter PDF: {259f616c-a300-44f5-b04a-ed001a26c85c} - c:\program files\soliddocuments\solidconverterpdf\ExploreExtPDF.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SolidConverter PDF: {259f616c-a300-44f5-b04a-ed001a26c85c} - c:\program files\soliddocuments\solidconverterpdf\ExploreExtPDF.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [JobHisInit] c:\program files\rds\rmclient\JobHisInit.exe
mRun: [MplSetUp] c:\program files\rds\rmclient\MplSetUp.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\paperwise suite v6\TamManager.exe
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoTaskGrouping = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: MaxGPOScriptWait = 3600 (0xe10)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.appliedsystems.com/media/aw7player/awswaxd.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAutoE/commonActiveX/smsx.cab
DPF: {16A017B9-6CB4-47C7-8E81-6E9396FAC2B6} - hxxp://tfsecurity/NSIDVRCtrlX.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} - hxxps://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227108294437
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C11F5ACE-2471-49CE-BA64-B3A66D12C846} - hxxps://tfserver.monroe.tfins.com/RSC/invitation.aspx?getActiveX=1
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vertaforemeetings.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.appliedsystems.com/apps/chat/chat/uploads/XUpload.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clintn~1.mon\applic~1\mozilla\firefox\profiles\489azkwm.default\
FF - plugin: c:\documents and settings\clintn.monroe\application data\mozilla\firefox\profiles\489azkwm.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-23 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-23 13480]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-2-5 1824064]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-23 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-2-5 98304]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-5-23 50536]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-25 47640]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-8-21 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-5-19 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-5-5 661448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-8-21 239760]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100809.002\NAVENG.sys [2010-8-10 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100809.002\NAVEX15.sys [2010-8-10 1362608]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 13408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-5-23 45496]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-2-5 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2010-2-5 118784]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [2009-4-22 26112]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-5-4 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-5-4 11104]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\clintn.monroe\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2007-9-20 32768]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-08-12 19:17:58 0 d-----w- c:\temp\59A.tmp
2010-08-12 19:16:41 0 ----a-w- c:\documents and settings\clintn.monroe\defogger_reenable
2010-08-12 13:40:39 0 d-----w- c:\temp\WPDNSE
2010-08-11 22:58:04 36864 ----a-w- c:\temp\wapplink.dll
2010-08-11 22:58:00 0 d-----w- c:\temp\hsperfdata_ClintN
2010-08-11 22:53:16 500 ----a-w- c:\temp\4760M704.dat
2010-08-11 22:52:36 56701 ----a-w- c:\temp\SYBOrSJN.dat
2010-08-11 22:48:46 0 d-----w- c:\temp\Desktop Authority
2010-08-11 22:45:25 0 d-----w- c:\program files\Ipswitch
2010-08-11 22:39:15 0 d-----w- c:\program files\Advanced IP Scanner
2010-08-11 22:25:33 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-11 22:25:29 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-11 22:25:29 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-11 22:25:13 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-11 22:25:13 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-11 22:25:13 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-11 22:25:13 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-11 22:25:12 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-11 22:25:12 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-08-11 22:24:32 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-11 21:56:20 0 d-----w- c:\temp\VBE
2010-08-11 21:44:51 0 d-----w- c:\temp\HostFontCache
2010-08-11 20:51:22 0 d-----w- c:\temp\VPMECTMP
2010-08-11 19:30:24 28 ----a-w- c:\temp\ExchangePerflog_8484fa319dce19ebcfcccd43.dat
2010-08-11 19:30:24 0 d-----w- c:\temp\PwOfficeTemp
2010-08-11 18:53:57 108300 ----a-w- c:\documents and settings\clintn.monroe\TRACE_BOOT+DRIVERS_1_1.BIN
2010-08-09 21:15:04 0 d-----w- c:\program files\JavaFX
2010-08-09 21:14:09 0 d-----w- c:\program files\Sun
2010-08-09 19:27:00 1392 ----a-w- c:\documents and settings\clintn.monroe\BBScreenShooter.ini
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-26 22:17:06 0 d-----w- c:\program files\Microsoft Bootvis
2010-07-26 18:14:43 0 d-sh--w- c:\windows\ftpcache
2010-07-26 17:02:17 765 ----a-w- c:\windows\unins001.dat
2010-07-26 17:01:53 67072 ----a-w- c:\windows\system32\AKCPanel.cpl
2010-07-26 17:01:53 0 d-----w- c:\program files\Anark
2010-07-26 17:01:52 765 ----a-w- c:\windows\unins000.dat
2010-07-26 17:01:46 0 d-----w- c:\program files\Temp
2010-07-20 13:01:22 0 d-----w- C:\ScriptLogic
2010-07-14 19:44:17 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 18:03:45 72080 ----a-w- c:\documents and settings\clintn.monroe\g2mdlhlpx.exe

==================== Find3M ====================

2010-08-12 11:21:33 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-26 17:02:17 72748 ----a-w- c:\windows\unins001.exe
2010-07-26 17:01:52 72748 ----a-w- c:\windows\unins000.exe
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 17:51:54 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-07 17:51:54 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
2010-06-29 16:00:23 32768 ----a-w- c:\windows\system32\TpKmpSvc.exe
2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-09 13:51:38 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 13:51:31 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-09 13:51:31 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-05-27 13:50:12 2255 ----a-w- c:\windows\PmData.Dat
2010-05-23 09:19:20 531312 ------w- c:\windows\qfe8FE.tmp
2010-05-21 19:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2004-08-04 06:56:44 561179 ------w- c:\program files\common files\dao360.dll
2004-06-17 15:07:32 570128 ------w- c:\program files\common files\DAO350.DLL
2008-08-21 17:04:40 32768 -csh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 14:18:12.51 ===============





#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:11:29 AM

Posted 23 August 2010 - 08:01 PM

Hi cjn007,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply updating it and doing a Quick Scan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post them with your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 mpascal


Posted 30 August 2010 - 12:41 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#4 mpascal


Posted 30 August 2010 - 10:07 AM

Hi there,

Welcome back. Skip GMER for now and move on to OTL.



#5 cjn007


Posted 30 August 2010 - 10:17 AM

I was able to run GMER finally. It took a long time to complete but it finally finished.

Here are my logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4469

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2010 9:27:02 AM
mbam-log-2010-08-24 (09-27-02).txt

Scan type: Quick scan
Objects scanned: 184679
Time elapsed: 21 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MS Essentials (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 cjn007


Posted 30 August 2010 - 10:19 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-27 21:12:04
Windows 5.1.2600 Service Pack 3
Running: kj5rfc9p.exe; Driver: c:\temp\fxtdqpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat 96EDFD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\8e0a74bf-c7db-4a8b-93b1-46f34270ba7c 388 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1612 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1612\2edaeb7a-bfe8-4ff7-b428-d8c50339b9b3 664 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1612\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\160b61c9-2239-4328-ace8-1c3877b63a0b 388 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\ee665973-380a-41df-bf9a-640ce0f7f55f 388 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\clintn\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\637094b848b53858c699f2ce880165d5_70c7fdd3-bd1e-440e-beae-131562cd809f 53 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\036a7eec3306c98be7315eb63f105752_70c7fdd3-bd1e-440e-beae-131562cd809f 79 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\123d83febac6df405ab8577e744831bd_70c7fdd3-bd1e-440e-beae-131562cd809f 1332 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\34992320e9dd22d954400910ce819223_70c7fdd3-bd1e-440e-beae-131562cd809f 79 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\3a8064d9d210b21fc8840e1563ee0a6d_70c7fdd3-bd1e-440e-beae-131562cd809f 1332 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\4e730319cc2f7c1cba91310588870dc7_70c7fdd3-bd1e-440e-beae-131562cd809f 1310 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\5f767154b98a86907b6dd63f45b2a241_70c7fdd3-bd1e-440e-beae-131562cd809f 79 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\6b29ae44e85efac3c72ff4d1865d73f1_70c7fdd3-bd1e-440e-beae-131562cd809f 53 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\76e676505c357a0c5f1ecd59e1ac0519_70c7fdd3-bd1e-440e-beae-131562cd809f 1332 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\7abbaad8de3ead5584005e499261226f_70c7fdd3-bd1e-440e-beae-131562cd809f 1332 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\83aa4cc77f591dfc2374580bbd95f6ba_70c7fdd3-bd1e-440e-beae-131562cd809f 45 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\8f71098770f72c7a67cd8f1151619865_70c7fdd3-bd1e-440e-beae-131562cd809f 54 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\932a2db58c237abd381d22df4c63a04a_70c7fdd3-bd1e-440e-beae-131562cd809f 87 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\a8b18f82a9ef7e4619d0c08926538bf3_70c7fdd3-bd1e-440e-beae-131562cd809f 2483 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\cbcca9edaa7cb8b49f55ff74ea51f6a2_70c7fdd3-bd1e-440e-beae-131562cd809f 1283 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\dd508fb67e3df5d722d6ce98ff404371_70c7fdd3-bd1e-440e-beae-131562cd809f 63 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\e1a0a4d2bac6c852408cde62a5a68348_70c7fdd3-bd1e-440e-beae-131562cd809f 1310 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\fc18fee1a3c34156184c76fe26419dc1_70c7fdd3-bd1e-440e-beae-131562cd809f 923 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1616\fe6ca3276f7babeada1134d7abe8bd95_70c7fdd3-bd1e-440e-beae-131562cd809f 1305 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\CREDHIST 24 bytes


File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\8e0a74bf-c7db-4a8b-93b1-46f34270ba7c 388 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\0E9AAAC8-A2C0-4145-8DC5-19B1F107A9B7 388 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\33a86a1d-53b4-4e41-97aa-84e61d47f16a 664 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\668ac065-a81d-4d46-a7b7-3be4bdefcf7d 664 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\6d0c6a72-6154-436f-87e1-1b3bb4ba9434 664 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\e77bfc6c-6ab7-4714-8dbf-d9d61c8d3211 664 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\f5eeee71-fafa-4e18-b741-e02f3a03510d 664 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1616\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\160b61c9-2239-4328-ace8-1c3877b63a0b 388 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\ee665973-380a-41df-bf9a-640ce0f7f55f 388 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My\Certificates\0D438BB3FA3110E009DB7CAC03EABFD39ABC3BA6 822 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My\Keys 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\My\Keys\BAB2AEB7298B4C946DE511147C86CF554B14A3E8 240 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\Request 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\Request\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\Request\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\clintn.MONROE\Application Data\Microsoft\SystemCertificates\Request\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\8e0a74bf-c7db-4a8b-93b1-46f34270ba7c 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\160b61c9-2239-4328-ace8-1c3877b63a0b 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\ee665973-380a-41df-bf9a-640ce0f7f55f 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\joef 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\8e0a74bf-c7db-4a8b-93b1-46f34270ba7c 388 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1160 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1160\7b6fdf22-ccf9-4f8f-8db3-0f7c864e3fbe 664 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1160\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\160b61c9-2239-4328-ace8-1c3877b63a0b 388 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\ee665973-380a-41df-bf9a-640ce0f7f55f 388 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\joef\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Michelle 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\8e0a74bf-c7db-4a8b-93b1-46f34270ba7c 388 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-189568971-861879217-1150294117-1008 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-189568971-861879217-1150294117-1008\f5a13d25-f81b-430e-a768-9680ffb709eb 388 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-189568971-861879217-1150294117-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\160b61c9-2239-4328-ace8-1c3877b63a0b 388 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\ee665973-380a-41df-bf9a-640ce0f7f55f 388 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Michelle\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\michelles 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1183 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1183\6b29ae44e85efac3c72ff4d1865d73f1_70c7fdd3-bd1e-440e-beae-131562cd809f 53 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1183\8f71098770f72c7a67cd8f1151619865_70c7fdd3-bd1e-440e-beae-131562cd809f 54 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1183\932a2db58c237abd381d22df4c63a04a_70c7fdd3-bd1e-440e-beae-131562cd809f 87 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2017193482-4019031684-3957989790-1183\cafe354d4bd2a5d43d1bf0259e9dd1ae_70c7fdd3-bd1e-440e-beae-131562cd809f 2486 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\8e0a74bf-c7db-4a8b-93b1-46f34270ba7c 388 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-1272929676-1340377640-1196476801-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1183 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1183\2293c94e-b44a-4bb7-b34c-727fc5b8d9a3 664 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1183\68e246fd-7282-4c4c-8fcc-cb43354ab580 664 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1183\a52fe354-d6b7-405e-93c3-c3a284875849 664 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1183\bdf9f93f-7074-4c4c-bf86-54cc7e0d62e3 664 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-2017193482-4019031684-3957989790-1183\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\160b61c9-2239-4328-ace8-1c3877b63a0b 388 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-3207265893-1155654073-3713458819-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\ee665973-380a-41df-bf9a-640ce0f7f55f 388 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\Protect\S-1-5-21-3595599034-140548454-3276399739-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\michelles\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1883 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 625 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
File C:\RRbackups\FR\UpdatingFiles.dat 17 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes
File C:\RRbackups\SIS\C\0\Data0 27241 bytes
File C:\RRbackups\SIS\C\0\HashFile 6 bytes
File C:\RRbackups\SIS\C\0\TOCFile 610 bytes

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/30/2010 9:12:07 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\clintn.MONROE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 77.48 Gb Free Space | 54.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 61.34 Gb Total Space | 4.05 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
Drive G: | 61.34 Gb Total Space | 4.05 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 61.34 Gb Total Space | 4.05 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
Drive P: | 191.22 Gb Total Space | 81.69 Gb Free Space | 42.72% Space Free | Partition Type: NTFS

Computer Name: CLINTN
Current User Name: ClintN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe File not found
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe File not found
PRC - C:\Documents and Settings\clintn.MONROE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\WINDOWS\system32\DTS.exe ()
PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\PaperWise Suite V6\TamManager.exe (PaperWise, Inc.)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - f:\WINTAM\HOMEBASE.EXE (Applied Systems, Inc.)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - F:\WINTAM\UTILMGR.EXE (Applied Systems, Inc.)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\clintn.MONROE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe ()
SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe ()
SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo.)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (LkWebLink) -- C:\Documents and Settings\clintn.MONROE\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe (Inter-Tel (Delaware), Inc)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Norton AntiVirus Server) -- c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100829.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100829.004\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- c:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (radpms) -- C:\WINDOWS\system32\drivers\radpms.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (gbridge) -- C:\WINDOWS\system32\drivers\gbridge.sys (Gbridge LLC)
DRV - (hipeer20) -- C:\WINDOWS\system32\drivers\remobo32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (NAVAPEL) -- c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tfins.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = https://*;webmvr.com;https://www.webmvr.com;http://remotedeposit.ctbonline.com;https://remotedeposit.ctbonline.com;https://amig.com;https://modernlink.amig.com;https://*.amig.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=tfserver:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/02 13:25:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 13:25:09 | 000,000,000 | ---D | M]

[2009/12/18 16:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Extensions
[2009/12/18 16:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/27 08:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions
[2010/08/04 16:00:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/04 16:00:36 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/06/21 17:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\LogMeInClient@logmein.com
[2010/03/17 09:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\toolbar@ask.com
[2010/08/25 14:14:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/29 11:39:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 14:26:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/17 08:58:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/07/07 16:21:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [B2BMC_STARTER] C:\Fipsco Life Portraits\AHL\B2BMC-Starter.exe File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe File not found
O4 - HKLM..\Run: [EncMov32] File not found
O4 - HKLM..\Run: [EncMove] C:\Program Files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe File not found
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe File not found
O4 - HKLM..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe File not found
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe File not found
O4 - HKCU..\Run: [Gbridge] C:\Program Files\Gbridge LLC\Gbridge\pstartw.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKCU..\Run: [SplitScreen] C:\Program Files\SplitView 2008\SplitScr.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to TamManager.lnk = C:\Program Files\PaperWise Suite V6\TamManager.exe (PaperWise, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 3600
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([ehg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([login] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstatehelp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: Deerbrook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: Deerbrook.com ([interlink] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([billing] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([forms] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([iabi] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([infoview] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([interlink] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([motorclub] * in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([policy] * in Trusted sites)
O15 - HKCU\..Trusted Domains: gotoassist.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: interlinkhelp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://www.appliedsystems.com/media/aw7player/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farmersinsurance.com/PLA/eAg...ctiveX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {16A017B9-6CB4-47C7-8E81-6E9396FAC2B6} http://tfsecurity/NSIDVRCtrlX.ocx (IDVRCtrlX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} https://www.childrenview.net/rooms/smallwor...hecker_6110.cab (OCXDownloadChecker Control)
O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} https://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab (AHLDSync.ctlDataSync)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1227108294437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C11F5ACE-2471-49CE-BA64-B3A66D12C846} https://tfserver.monroe.tfins.com/RSC/invit...px?getActiveX=1 (RMClientInstallerCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} https://www.childrenview.net/rooms/smallwor...hecker_6110.cab (LiveX_v7.0.2.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vertaforemeetings.webex.com/client/...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} https://allapp.ahlcorp.com/InfoUpdate/Contr...LInfoUpdate.CAB (AHLInfoUpdate.Login)
O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} http://localhost:25684/Sessionctl/control/SessionCtl.cab (TimeDlgBox Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.appliedsystems.com/apps/chat/ch...ads/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MONROE.TFINS.COM
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - c:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\1440x900-Swoosh.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1440x900-Swoosh.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 08:24:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\clintn.MONROE\Recent
[2010/08/27 14:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\EncompassInsurance
[2010/08/27 13:08:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\clintn.MONROE\Desktop\OTL.exe
[2010/08/27 11:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clintn.MONROE\Desktopboot.images
[2010/08/26 10:56:09 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5248.dll
[2010/08/25 15:33:42 | 000,000,000 | ---D | C] -- C:\IVANS
[2010/08/25 15:33:19 | 000,000,000 | ---D | C] -- C:\TM.NET Setup
[2010/08/13 14:27:30 | 000,000,000 | ---D | C] -- C:\ScriptLogic
[2010/08/11 17:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ipswitch
[2010/08/11 17:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced IP Scanner
[2010/08/11 17:25:33 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/08/11 17:25:29 | 002,066,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/08/11 17:25:29 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/08/11 17:25:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/08/11 17:25:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/08/11 17:25:12 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/08/11 17:25:12 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/08/11 17:24:32 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/08/11 14:26:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/11 14:26:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/11 14:26:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/09 16:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\JavaFX
[2010/08/09 16:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/06 13:41:17 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2009/12/03 18:30:46 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[2009/12/03 18:30:46 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/30 08:16:53 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 08:14:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 08:14:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/28 10:37:06 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/27 14:33:56 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\pool.bin
[2010/08/27 13:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clintn.MONROE\Desktop\OTL.exe
[2010/08/27 12:53:15 | 000,000,185 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/08/27 12:07:44 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\NTUSER.DAT
[2010/08/27 12:07:24 | 004,237,044 | -H-- | M] () -- C:\Documents and Settings\clintn.MONROE\Local Settings\Application Data\IconCache.db
[2010/08/27 11:39:55 | 000,000,683 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/27 11:39:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/27 11:39:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/27 10:53:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\clintn.MONROE\ntuser.ini
[2010/08/27 08:46:23 | 000,002,742 | RHS- | M] () -- C:\Documents and Settings\clintn.MONROE\ntuser.pol
[2010/08/25 15:09:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Print to PaperWise
[2010/08/24 11:37:43 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\kj5rfc9p.exe
[2010/08/24 08:35:01 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/13 15:57:15 | 002,330,112 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Xl0000002.xls
[2010/08/13 15:18:00 | 000,872,875 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\TW - Incoming Review.xlsm
[2010/08/12 14:20:20 | 000,004,861 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Attach.zip
[2010/08/12 14:17:34 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\dds.scr
[2010/08/12 14:16:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\defogger_reenable
[2010/08/12 14:16:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Defogger.exe
[2010/08/12 11:22:39 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\clintn.MONROE\My Documents\Default.rdp
[2010/08/11 17:47:55 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 17:39:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Advanced IP Scanner.lnk
[2010/08/11 17:33:49 | 000,518,934 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 17:33:49 | 000,454,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 17:33:49 | 000,075,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 16:44:42 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Internet Explorer\Quick Launch\Query.lnk
[2010/08/11 13:53:58 | 000,108,300 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\TRACE_BOOT+DRIVERS_1_1.BIN
[2010/08/09 14:27:00 | 000,001,392 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\BBScreenShooter.ini
[2010/08/09 10:46:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Internet Explorer\Quick Launch\The Agency Manager.lnk
[2010/08/09 09:57:05 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Internet Explorer\Quick Launch\TimeClock Login.url
[2010/08/03 11:59:47 | 000,079,657 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Activity Report all dates.pdf
[2010/08/03 10:11:33 | 000,435,712 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\30809263.XLS
[2010/08/02 21:12:43 | 000,234,069 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\LETTER.DBF
[2010/08/02 21:12:37 | 000,458,539 | ---- | M] () -- C:\Documents and Settings\clintn.MONROE\Desktop\FLDS.DBF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/27 11:39:54 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/27 11:39:54 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/08/27 11:39:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to TamManager.lnk
[2010/08/27 11:39:54 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/08/24 11:37:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\kj5rfc9p.exe
[2010/08/24 08:35:01 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 08:12:45 | 000,186,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/13 15:57:14 | 002,330,112 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Xl0000002.xls
[2010/08/13 15:18:47 | 000,872,875 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\TW - Incoming Review.xlsm
[2010/08/12 14:21:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\gmer.exe
[2010/08/12 14:20:20 | 000,004,861 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Attach.zip
[2010/08/12 14:17:34 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\dds.scr
[2010/08/12 14:16:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\defogger_reenable
[2010/08/12 14:16:25 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Defogger.exe
[2010/08/11 17:39:32 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Advanced IP Scanner.lnk
[2010/08/11 16:44:42 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Internet Explorer\Quick Launch\Query.lnk
[2010/08/11 13:53:57 | 000,108,300 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\TRACE_BOOT+DRIVERS_1_1.BIN
[2010/08/09 14:27:00 | 000,001,392 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\BBScreenShooter.ini
[2010/08/03 11:59:48 | 000,079,657 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\Activity Report all dates.pdf
[2010/08/03 11:19:06 | 000,234,069 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\LETTER.DBF
[2010/08/03 11:18:42 | 000,458,539 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\FLDS.DBF
[2010/08/03 09:40:47 | 000,435,712 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Desktop\30809263.XLS
[2010/07/07 12:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/07/01 15:58:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Local Settings\Application Data\fusioncache.dat
[2010/05/27 08:50:38 | 000,000,226 | ---- | C] () -- C:\WINDOWS\PMJobCli.ini
[2010/05/27 08:50:35 | 000,012,309 | ---- | C] () -- C:\WINDOWS\PMRicMb.ini
[2010/05/27 08:50:35 | 000,007,873 | ---- | C] () -- C:\WINDOWS\PMRicPMb.ini
[2010/05/27 08:50:35 | 000,005,390 | ---- | C] () -- C:\WINDOWS\PMPrtMb.ini
[2010/05/27 08:50:35 | 000,004,644 | ---- | C] () -- C:\WINDOWS\PMRicFMb.ini
[2010/05/27 08:50:35 | 000,003,149 | ---- | C] () -- C:\WINDOWS\PMDvPrn.ini
[2010/05/27 08:50:35 | 000,002,102 | ---- | C] () -- C:\WINDOWS\PMDvDev.ini
[2010/05/27 08:50:35 | 000,002,047 | ---- | C] () -- C:\WINDOWS\PMDIOMb.ini
[2010/05/27 08:50:35 | 000,002,036 | ---- | C] () -- C:\WINDOWS\PMHostMb.ini
[2010/05/27 08:50:35 | 000,001,885 | ---- | C] () -- C:\WINDOWS\PMPSIOMb.ini
[2010/05/27 08:50:35 | 000,001,727 | ---- | C] () -- C:\WINDOWS\PMRicSMb.ini
[2010/05/27 08:50:35 | 000,001,706 | ---- | C] () -- C:\WINDOWS\PMRicCMb.ini
[2010/05/27 08:50:35 | 000,001,494 | ---- | C] () -- C:\WINDOWS\PMMib2Mb.ini
[2010/05/27 08:50:35 | 000,001,168 | ---- | C] () -- C:\WINDOWS\PMDvFax.ini
[2010/05/27 08:50:35 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PMDPIMb.ini
[2010/05/27 08:50:35 | 000,001,094 | ---- | C] () -- C:\WINDOWS\PMAxsMb.ini
[2010/05/27 08:50:35 | 000,000,842 | ---- | C] () -- C:\WINDOWS\PMDvScan.ini
[2010/05/27 08:50:35 | 000,000,423 | ---- | C] () -- C:\WINDOWS\PMDvCopy.ini
[2010/05/27 08:50:35 | 000,000,332 | ---- | C] () -- C:\WINDOWS\PMSnmpMb.ini
[2010/05/27 08:50:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\RidocPrn.ini
[2010/05/27 08:50:28 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\rtcpf.dll
[2010/05/27 08:50:27 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\rpnv2ui.dll
[2010/05/27 08:50:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RLPR.dll
[2010/05/27 08:50:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMObservps.dll
[2010/05/27 08:47:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\NIBSetup.ini
[2010/05/04 09:47:11 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/05/04 09:47:11 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/04/29 15:40:41 | 000,057,016 | ---- | C] () -- C:\WINDOWS\System32\imsys.dll
[2010/04/29 15:40:40 | 000,343,224 | ---- | C] () -- C:\WINDOWS\System32\iimds.dll
[2010/04/29 15:40:40 | 000,233,144 | ---- | C] () -- C:\WINDOWS\System32\IMImage.dll
[2010/04/29 15:40:40 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\iimir.dll
[2010/04/29 13:54:22 | 000,000,327 | ---- | C] () -- C:\WINDOWS\Gbridge.INI
[2010/03/26 13:51:12 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/03/26 13:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010/03/24 15:54:17 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2010/03/23 08:48:06 | 000,000,185 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/02/25 09:54:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/02/25 09:54:50 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2010/02/25 09:54:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2010/02/25 09:53:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2010/02/09 09:47:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\AppulatePort.dll
[2010/01/26 16:24:59 | 000,004,585 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2010/01/26 16:21:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2010/01/26 16:20:49 | 000,028,787 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/14 10:38:06 | 000,000,300 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2009/11/30 12:27:02 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/11/30 12:27:02 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/11/12 17:49:26 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2009/11/12 17:49:24 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2009/10/21 11:26:33 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\LiveClient_7000.dll
[2009/10/21 11:26:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\GvCrypto.dll
[2009/09/29 11:18:07 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\csrss_tc.ini
[2009/09/29 11:17:52 | 000,000,329 | -H-- | C] () -- C:\Documents and Settings\clintn.MONROE\Application Data\pctlb32
[2009/09/16 09:40:46 | 000,000,437 | ---- | C] () -- C:\Documents and Settings\clintn.MONROE\Application Data\PrimoPDFSet.xml
[2009/09/16 09:40:44 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/09/16 09:38:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/09/16 09:30:49 | 000,000,139 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/09/16 09:18:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/27 09:47:40 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Awshkwv.ini
[2009/08/25 17:26:06 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/08/25 17:26:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/09 07:26:25 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ASLotus.dll
[2009/07/09 07:21:05 | 000,000,099 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/12/12 10:28:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/12/12 10:28:50 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ASAPI.dll
[2008/11/24 11:17:21 | 000,000,436 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/11/24 11:16:09 | 000,049,002 | ---- | C] () -- C:\WINDOWS\RicDB.ini
[2008/11/06 19:26:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/11/06 08:55:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/10 12:00:54 | 000,350,720 | ---- | C] () -- C:\WINDOWS\ReadReg.dll
[2008/08/21 12:32:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/21 12:16:40 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/08/21 12:15:49 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/08/21 12:12:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/21 12:10:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/08/21 12:10:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/08/21 12:10:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/08/21 12:10:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/08/21 12:10:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/08/21 12:10:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/21 12:01:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/08/21 11:58:26 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/08/21 11:55:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/03/28 07:51:36 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/16 14:53:04 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\rf2vbax.dll
[2005/02/17 14:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/05/21 00:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/28 15:44:58 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/14 13:35:23 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/04/30 02:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/29 11:33:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/27 11:39:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/07 16:27:46 | 000,041,877 | ---- | M] () -- C:\ComboFix.txt
[2006/04/30 02:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/05 10:44:21 | 000,002,212 | ---- | M] () -- C:\dynamic.csv
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/10/30 11:10:21 | 000,017,490 | ---- | M] () -- C:\install.log
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/04/30 02:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/23 04:16:53 | 000,113,958 | ---- | M] () -- C:\Log.txt
[2010/06/01 16:45:21 | 000,000,485 | ---- | M] () -- C:\logfile
[2009/12/04 15:06:11 | 004,938,902 | ---- | M] () -- C:\logger.txt
[2006/04/30 02:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/19 10:07:08 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/08/30 08:14:48 | 2036,281,344 | -HS- | M] () -- C:\pagefile.sys
[2010/04/29 16:23:09 | 000,003,047 | ---- | M] () -- C:\pcwdbg.log
[2010/06/28 07:51:59 | 000,236,514 | ---- | M] () -- C:\PE-Files.txt
[2010/08/25 17:48:41 | 000,010,194 | ---- | M] () -- C:\ra_master.log
[2009/12/10 12:00:27 | 000,051,119 | ---- | M] () -- C:\ra_slave.log
[2008/08/21 11:58:37 | 000,000,086 | ---- | M] () -- C:\setup.log
[2010/08/30 08:15:15 | 001,667,212 | ---- | M] () -- C:\sysiclog.txt
[2010/02/01 09:37:21 | 028,525,794 | ---- | M] () -- C:\sysiclog.txt.bak
[2008/08/21 11:37:02 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2009/10/30 11:10:17 | 000,000,452 | ---- | M] () -- C:\uninstall.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/06/29 12:57:51 | 000,000,137 | ---- | M] () -- C:\VundoFix.txt
[2010/06/28 07:07:11 | 000,236,514 | ---- | M] () -- C:\Win-Files.txt
[2010/08/11 14:27:25 | 000,023,045 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/07/07 16:34:14 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/03/16 20:01:32 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiCProNT.dll
[2004/03/16 20:03:56 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiMProNT.dll
[2008/01/02 09:53:34 | 000,025,928 | ---- | M] (Black Ice Software, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BuMProNT.dll
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/06/20 13:24:58 | 000,066,048 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xy.DLL
[2010/06/09 08:51:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2007/02/14 02:10:50 | 000,022,016 | ---- | M] (RICOH COMPANY, LTD.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\RC00C1B0.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/04/29 19:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 19:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 19:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/19 10:10:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-23 18:58:12

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\TpKmpSvc.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\clintn.MONROE\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351B5DA2
< End of report >

OTL Extras logfile created on: 8/30/2010 9:12:07 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\clintn.MONROE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 77.48 Gb Free Space | 54.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 61.34 Gb Total Space | 4.05 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
Drive G: | 61.34 Gb Total Space | 4.05 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 61.34 Gb Total Space | 4.05 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
Drive P: | 191.22 Gb Total Space | 81.69 Gb Free Space | 42.72% Space Free | Partition Type: NTFS

Computer Name: CLINTN
Current User Name: ClintN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"110:TCP" = 110:TCP:*:Enabled:incoming
"25:TCP" = 25:TCP:*:Enabled:outgoing
"99:TCP" = 99:TCP:*:Enabled:SL
"4873:TCP" = 4873:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\michelles\Local Settings\Temp\Master.exe" = C:\Documents and Settings\michelles\Local Settings\Temp\Master.exe:*:Enabled:Master -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Remote-Anything\Master.exe" = C:\Program Files\Remote-Anything\Master.exe:*:Enabled:Master -- (TWD Industries SAS)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Fipsco Life Portraits\AHL\AHLWebServer.exe" = C:\Fipsco Life Portraits\AHL\AHLWebServer.exe:*:Enabled:AHLWebServer -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\ITEL Inc\ipView\System\ipView.exe" = C:\Program Files\ITEL Inc\ipView\System\ipView.exe:*:Enabled:Soft Wallboard -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"\\tfserver\data\WINTAM\TAMMSG.EXE" = \\tfserver\data\WINTAM\TAMMSG.EXE:*:Enabled:TAMMSG
"\\tfserver\data\WINTAM\HOMEBASE.EXE" = \\tfserver\data\WINTAM\HOMEBASE.EXE:*:Enabled:The Agency Manager Home Base
"C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe" = C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe:*:Enabled:Spiceworks Desktop Webserver by Apache -- (Apache Software Foundation)
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe" = C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder -- ()
"C:\Program Files\Spiceworks\bin\spiceworks.exe" = C:\Program Files\Spiceworks\bin\spiceworks.exe:*:Enabled:spiceworks -- ()
"C:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe" = C:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe:*:Enabled:GBridge -- File not found
"C:\Program Files\Gbridge LLC\Gbridge\gbwinvnc.exe" = C:\Program Files\Gbridge LLC\Gbridge\gbwinvnc.exe:*:Enabled:Gbwinvnc -- File not found
"C:\Program Files\Gbridge LLC\Gbridge\gbvncviewer.exe" = C:\Program Files\Gbridge LLC\Gbridge\gbvncviewer.exe:*:Enabled:Gbvncviewer -- File not found
"C:\Program Files\Remobo\Remobo.exe" = C:\Program Files\Remobo\Remobo.exe:*:Enabled:Remobo -- File not found
"C:\Program Files\Remobo\plugins\remobotorrent\remobo_client.exe" = C:\Program Files\Remobo\plugins\remobotorrent\remobo_client.exe:*:Enabled:remobo_client -- File not found
"C:\Program Files\Remobo\plugins\remobotorrent\remobo_tracker.exe" = C:\Program Files\Remobo\plugins\remobotorrent\remobo_tracker.exe:*:Enabled:remobo_tracker -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Skype\Phone\Skype .exe" = C:\Program Files\Skype\Phone\Skype .exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\steamapps\common\overlord ii\Overlord2.exe" = C:\Program Files\Steam\steamapps\common\overlord ii\Overlord2.exe:*:Enabled:Overlord II -- ()
"C:\Program Files\Steam\steamapps\common\overlord ii\Config.exe" = C:\Program Files\Steam\steamapps\common\overlord ii\Config.exe:*:Enabled:Overlord II -- ()
"C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe" = C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
"C:\Program Files\Steam\steamapps\common\dragon age origins\DAOriginsLauncher.exe" = C:\Program Files\Steam\steamapps\common\dragon age origins\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
"C:\Program Files\Steam\steamapps\common\dragon age origins\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\dragon age origins\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe" = C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe:*:Enabled:Spiceworks Desktop Webserver by Apache -- (Apache Software Foundation)
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe" = C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04f6ffea-6702-11dc-8314-0800200c9a66}" = Inter-Tel Collaboration Client 2.0
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1219497F-FA96-4D8E-9571-9C27A2A66B38}" = Opera 9.51
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1448F57C-23C6-4E84-9A5C-DAE7CE09A740}" = Encompass Optimization Install
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24A1A4CD-D469-4B99-B64D-A05EB27AA2EF}" = PaperWise Enterprise Client
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 21
"{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}" = Windows XP Winter Fun Pack Screensavers
"{287CDCFB-36A4-44A4-9B49-26A95C85B4AD}" = Transfer Manager.NET
"{2EB44B16-05EF-42FD-9300-A85CDEF60864}" = Free Word Excel Password Wizard
"{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}" = Mobile Broadband Connect
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32110BFE-FF6A-40C4-8B62-018FE66E2A62}" = ConneXion-ClassLibrary
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java™ SE Development Kit 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3D591B75-B674-4074-972E-779646153F58}" = Ipswitch WhatsUp Gold Engineer's Toolkit v1.0
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{40F5753A-F27A-4840-B339-87502A62A66A}" = InstallationKit
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5aa47dba-b584-4d47-a626-76e53f010300}" = JavaFX™ 1.3 SDK
"{61761600-2799-4CBC-B7AF-881C3B527FBD}" = BlackBerry JDE 6.0.0
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{657D16DF-BAE3-4481-8BFE-D3E6A85434A0}" = ScanSoft PaperPort 10
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{71B90506-005A-4F6C-AAAC-AC8F9CEC1F86}" = Business Series Terminals Desktop Assistant v 1.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKSTD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9757283E-3FCA-4F3D-9257-928859318E55}" = Microsoft Windows Theme Ontario
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6A8F17-6E83-48EC-B35F-5D8968411AA8}" = fax@vantage
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F0DAC9E-2E4A-48F6-A85E-6886FE964089}" = MySQL Server 4.1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638EC76-65C3-4F82-BA68-D105DDA393E7}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}" = DameWare Mini Remote Control
"{B7DEBEE7-0EE8-46F7-B7E8-E8EEA983037F}" = fax@vantage Print Driver Installation
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}" = DeskTopBinder - SmartDeviceMonitor for Client
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D8A9F957-23C6-4198-885A-A3FE2CB72467}" = Appulate Uplink
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8964572-1F5B-4D32-80BA-F2D81E592A8D}" = SmartDeviceMonitor for Admin
"{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}" = DameWare NT Utilities
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FD118ADC-A682-407C-9EC9-7FEB1AA55C63}" = Reporting for Contact Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2
"AnarkClient" = Anark Client 1.0
"AutoItv3" = AutoIt v3.3.6.1
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Foxit Creator" = Foxit Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"Holiday Snowflakes Screen Saver_is1" = Holiday Snowflakes Screen Saver 1.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IIM5_is1" = iMacros V6.80
"InstallShield_{71B90506-005A-4F6C-AAAC-AC8F9CEC1F86}" = Nortel Networks Desktop Assistant v 1.4
"InstallShield_{FD118ADC-A682-407C-9EC9-7FEB1AA55C63}" = Reporting for Contact Center
"Intelore - Word Password Recovery" = Word Password Recovery v1.0M (remove only)
"IrfanView" = IrfanView (remove only)
"ITPM" = Intel® Trusted Platform Module
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"OUTLOOKSTD" = Microsoft Office Outlook 2007
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Recuva" = Recuva
"Spiceworks" = Spiceworks
"Steam App 12810" = Overlord II
"Steam App 17450" = Dragon Age: Origins
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 5" = TeamViewer 5
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TUGZip_is1" = TUGZip 3.5
"UBCD4Win_is1" = UBCD4Win 3.50
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f2e99d9a857b362b" = Encompass Insurance
"GoToMeeting" = GoToMeeting 4.5.0.457
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2010 9:25:31 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\Lenovo\Client
Security Solution\cssauth.exe by: Defwatch scan. Action: Leave Alone succeeded
:

Error - 8/30/2010 9:25:33 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\Common
Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe by: Defwatch scan. Action:
Leave Alone succeeded :

Error - 8/30/2010 9:25:34 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\EncompassInsurance\Encompass
Optimization Install\EncompassMove.exe by: Defwatch scan. Action: Leave Alone
succeeded :

Error - 8/30/2010 9:25:35 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\Common
Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe by: Defwatch scan. Action:
Leave Alone succeeded :

Error - 8/30/2010 9:25:36 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\Common
Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe by: Defwatch scan.
Action: Leave Alone succeeded :

Error - 8/30/2010 9:25:36 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\Common
Files\Installshield\UpdateService\ISUSPM.exe by: Defwatch scan. Action: Leave
Alone succeeded :

Error - 8/30/2010 9:25:37 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Gen in File: C:\Program Files\CCleaner\ccleaner.exe
by: Defwatch scan. Action: Leave Alone succeeded :

Error - 8/30/2010 9:25:37 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP26\A0004743.dll by:
Defwatch scan. Action: Leave Alone succeeded :

Error - 8/30/2010 9:25:38 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP26\A0004744.dll by:
Defwatch scan. Action: Leave Alone succeeded :

Error - 8/30/2010 9:25:39 AM | Computer Name = CLINTN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP26\A0004745.com by:
Defwatch scan. Action: Leave Alone succeeded :

[ Lenovo-Message Center Plus/Admin Events ]
Error - 8/28/2010 12:41:51 AM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 8/28/2010 4:42:22 AM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe

Error - 8/28/2010 4:45:42 AM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 8/28/2010 9:00:34 AM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe

Error - 8/28/2010 9:04:00 AM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 8/28/2010 12:49:17 PM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe

Error - 8/28/2010 12:52:56 PM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 8/28/2010 4:53:55 PM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe

Error - 8/28/2010 4:57:36 PM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 8/28/2010 8:51:49 PM | Computer Name = CLINTN | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe

[ System Events ]
Error - 8/30/2010 9:00:01 AM | Computer Name = CLINTN | Source = Schedule | ID = 7901
Description = The At153.job command failed to start due to the following error:
%%2147943850

Error - 8/30/2010 9:00:01 AM | Computer Name = CLINTN | Source = Schedule | ID = 7901
Description = The At177.job command failed to start due to the following error:
%%2147943850

Error - 8/30/2010 9:00:01 AM | Computer Name = CLINTN | Source = Schedule | ID = 7901
Description = The At33.job command failed to start due to the following error: %%2147943850

Error - 8/30/2010 9:00:02 AM | Computer Name = CLINTN | Source = Schedule | ID = 7901
Description = The At57.job command failed to start due to the following error: %%2147943850

Error - 8/30/2010 9:00:02 AM | Computer Name = CLINTN | Source = Schedule | ID = 7901
Description = The At81.job command failed to start due to the following error: %%2147943850

Error - 8/30/2010 9:00:02 AM | Computer Name = CLINTN | Source = Schedule | ID = 7901
Description = The At9.job command failed to start due to the following error: %%2147943850

Error - 8/30/2010 9:03:24 AM | Computer Name = CLINTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe"
-Embedding

Error - 8/30/2010 9:15:12 AM | Computer Name = CLINTN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.

Error - 8/30/2010 9:15:12 AM | Computer Name = CLINTN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveShare P2P Server
9 service to connect.

Error - 8/30/2010 9:15:12 AM | Computer Name = CLINTN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >

#7 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 30 August 2010 - 10:26 AM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here:


#8 cjn007


Posted 30 August 2010 - 11:06 AM

QUOTE(mpascal @ Aug 30 2010, 10:26 AM)
Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


I have Symantec Corporate edition on my computer and it wouldn't let me disable realtime protection because of our group policy. Combofix was still able to run though.

Here is the log:
ComboFix 10-08-29.04 - ClintN 08/30/2010 10:49:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1942.869 [GMT -5:00]
Running from: c:\documents and settings\clintn.MONROE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\clintn.MONROE\g2mdlhlpx.exe
C:\Install.exe
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\CCleaner\ccleaner.exe
c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe
c:\program files\Lenovo Fingerprint Software\fpapp.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\ScanSoft\PaperPort\IndexSearch.exe
c:\program files\ScanSoft\PaperPort\pptd40nt.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Spiceworks\bin\spicetray_silent.exe
c:\windows\system32\ACE.dll

CODE
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---^> c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\CCleaner\ccleaner .exe ---^> c:\program files\CCleaner\ccleaner.exe
c:\program files\Common Files\Installshield\UpdateService\ISUSPM .exe ---^> c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager .exe ---^> c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe ---^> c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
c:\program files\Lenovo\Client Security Solution\cssauth .exe ---^> c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe ---^> c:\program files\ScanSoft\PaperPort\IndexSearch.exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe ---^> c:\program files\ScanSoft\PaperPort\pptd40nt.exe
c:\program files\Skype\Phone\Skype .exe ---^> c:\program files\Skype\Phone\Skype.exe
c:\program files\Spiceworks\bin\spicetray_silent .exe ---^> c:\program files\Spiceworks\bin\spicetray_silent.exe
</pre>

.
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 15:59 . 2010-08-30 15:59 256 ----a-w- c:\temp\pool.bin
2010-08-30 15:58 . 2010-08-30 15:58 -------- d-----w- c:\temp\WPDNSE
2010-08-30 15:58 . 2010-08-30 15:58 -------- d-----w- c:\temp\Desktop Authority
2010-08-30 14:35 . 2010-08-30 14:40 102135128 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-30 13:43 . 2010-08-30 13:43 -------- d-----w- c:\temp\PwOfficeTemp
2010-08-30 13:43 . 2010-08-30 15:24 -------- d-----w- c:\temp\amd64
2010-08-30 13:41 . 2010-08-30 15:41 -------- d-----w- c:\temp\VPMECTMP
2010-08-27 19:35 . 2010-08-27 19:35 8754 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{1448F57C-23C6-4E84-9A5C-DAE7CE09A740}\_6FEFF9B68218417F98F549.exe
2010-08-27 19:35 . 2010-08-27 19:35 -------- d-----w- c:\program files\EncompassInsurance
2010-08-27 16:57 . 2010-08-27 16:57 -------- d-----w- c:\documents and settings\clintn.MONROE\Desktopboot.images
2010-08-26 15:56 . 2010-03-26 10:31 81920 ------w- c:\windows\system32\igfxCoIn_v5248.dll
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- C:\IVANS
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- C:\TM.NET Setup
2010-08-23 13:12 . 2010-08-30 15:56 186696 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-15 08:04 . 2010-08-15 18:22 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-08-13 19:27 . 2010-08-13 19:27 -------- d-----w- C:\ScriptLogic
2010-08-11 22:45 . 2010-08-11 22:45 -------- d-----w- c:\program files\Ipswitch
2010-08-11 22:39 . 2010-08-11 22:39 -------- d-----w- c:\program files\Advanced IP Scanner
2010-08-11 22:25 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-11 22:25 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-11 22:25 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-11 22:25 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-11 22:25 . 2010-06-24 12:21 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-11 22:25 . 2010-06-24 12:21 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-11 22:25 . 2010-06-24 12:21 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-11 22:25 . 2010-06-24 12:21 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-08-11 22:25 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-11 22:24 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-11 18:53 . 2010-08-11 18:53 108300 ----a-w- c:\documents and settings\clintn.MONROE\TRACE_BOOT+DRIVERS_1_1.BIN
2010-08-09 21:15 . 2010-08-09 21:15 -------- d-----w- c:\program files\JavaFX
2010-08-09 21:14 . 2010-08-09 21:14 -------- d-----w- c:\program files\Sun
2010-08-04 02:38 . 2010-08-04 02:38 1821192 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-04 02:38 . 2010-08-04 02:38 400728 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-04 02:38 . 2010-08-04 02:38 2959376 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-04 02:38 . 2010-08-04 02:38 128472 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 16:00 . 2010-05-28 15:14 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Skype
2010-08-30 15:59 . 2010-07-06 16:07 72512 ----a-w- c:\documents and settings\clintn.MONROE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 15:58 . 2009-09-29 13:09 -------- d-----w- c:\program files\CCleaner
2010-08-30 15:57 . 2008-11-06 13:38 -------- d-----w- c:\program files\Symantec
2010-08-30 15:54 . 2008-08-21 17:05 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-08-30 15:26 . 2008-11-06 13:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-30 15:26 . 2010-07-07 17:52 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-30 15:26 . 2010-07-07 17:52 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-30 15:24 . 2008-08-21 17:08 -------- d-----w- c:\program files\Common Files\Lenovo
2010-08-30 14:54 . 2010-01-25 14:43 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-30 14:52 . 2008-08-21 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Roxio
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-30 14:43 . 2010-01-25 15:27 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion
2010-08-30 14:43 . 2010-01-25 14:43 -------- d-----w- c:\program files\Research In Motion
2010-08-30 14:43 . 2010-01-25 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-30 13:15 . 2009-08-25 13:13 -------- d-----w- c:\program files\LogMeIn
2010-08-29 01:15 . 2010-06-30 01:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SolidDocuments
2010-08-28 15:37 . 2009-10-16 13:43 1984 ------w- c:\windows\system32\d3d9caps.dat
2010-08-27 19:33 . 2010-01-25 20:41 256 ----a-w- c:\documents and settings\clintn.MONROE\pool.bin
2010-08-27 16:43 . 2010-05-28 15:14 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\skypePM
2010-08-27 16:12 . 2009-09-16 14:21 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\SolidDocuments
2010-08-27 15:55 . 2010-05-23 09:20 -------- d-----w- c:\program files\PC-Doctor
2010-08-26 15:58 . 2010-05-23 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-08-26 14:13 . 2008-08-21 16:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 13:35 . 2010-06-22 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 14:43 . 2008-11-23 16:03 -------- d---a-w- c:\program files\PaperWise Suite V6
2010-08-17 16:39 . 2010-07-26 22:17 -------- d-----w- c:\program files\Microsoft Bootvis
2010-08-17 13:17 . 2008-08-21 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-15 03:34 . 2009-05-11 15:51 -------- d-----w- c:\program files\QuickTime
2010-08-11 19:26 . 2008-08-21 17:08 -------- d-----w- c:\program files\Java
2010-08-11 18:35 . 2010-01-12 17:39 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-29 18:12 . 2010-03-29 16:41 -------- d-----w- c:\program files\RMAdmin
2010-07-26 17:02 . 2010-07-26 17:02 765 ----a-w- c:\windows\unins001.dat
2010-07-26 17:02 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins001.exe
2010-07-26 17:01 . 2010-07-26 17:01 -------- d-----w- c:\program files\Anark
2010-07-26 17:01 . 2010-07-26 17:01 765 ----a-w- c:\windows\unins000.dat
2010-07-26 17:01 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins000.exe
2010-07-26 17:01 . 2010-07-26 17:01 -------- d-----w- c:\program files\Temp
2010-07-22 21:23 . 2010-07-22 21:23 -------- d-----w- c:\program files\Microsoft.NET
2010-07-22 19:10 . 2010-01-25 15:27 256 ------w- c:\windows\system32\pool.bin
2010-07-21 19:51 . 2009-08-25 22:23 -------- d-----w- c:\program files\Opera
2010-07-17 10:00 . 2010-06-29 16:39 423656 ------w- c:\windows\system32\deployJava1.dll
2010-07-13 15:45 . 2010-07-13 15:45 -------- d-----w- c:\program files\AutoIt3
2010-07-12 18:08 . 2010-07-12 18:08 -------- d-----w- c:\program files\Skype
2010-07-09 20:01 . 2010-07-07 22:56 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\DameWare Development
2010-07-09 14:12 . 2010-07-09 14:12 70144 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}\IconA2E65BCA.exe
2010-07-09 14:12 . 2010-07-09 14:12 39936 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}\Icon1DEF20221.exe
2010-07-09 14:12 . 2010-07-07 22:44 -------- d-----w- c:\program files\DameWare Development
2010-07-09 14:06 . 2010-07-07 22:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-07 22:44 . 2010-07-07 22:44 39936 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}\IconCFC105E3.exe
2010-07-07 22:44 . 2010-07-07 22:44 27136 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}\Icon0FF7A68B.exe
2010-07-07 17:51 . 2010-07-07 17:51 -------- d-----w- c:\program files\Symantec_Client_Security
2010-07-07 03:18 . 2010-07-07 03:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
2010-07-06 22:07 . 2010-07-01 14:58 -------- d-----w- c:\program files\Steam
2010-07-06 18:48 . 2010-07-06 18:48 -------- d-----w- c:\program files\Digital Line Detect
2010-07-06 18:48 . 2010-07-06 18:47 -------- d-----w- c:\program files\NetWaiting
2010-07-06 18:44 . 2008-08-21 16:59 -------- d-----w- c:\program files\CONEXANT
2010-07-06 18:42 . 2008-08-21 16:54 -------- d-----w- c:\program files\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\program files\Common Files\Intel
2010-07-06 16:32 . 2010-06-28 13:55 63488 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-06 16:32 . 2010-06-28 13:55 117760 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-03 04:54 . 2008-11-07 04:59 -------- d-----w- c:\program files\Windows Defender
2010-07-01 22:04 . 2010-05-23 05:21 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\IObit
2010-07-01 20:58 . 2010-07-01 20:58 136 ----a-w- c:\documents and settings\clintn.MONROE\Local Settings\Application Data\fusioncache.dat
2010-07-01 20:13 . 2010-07-01 20:13 -------- d-----w- c:\program files\Common Files\Skype
2010-07-01 20:13 . 2010-05-28 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-30 12:31 . 2006-04-30 06:55 149504 ------w- c:\windows\system32\schannel.dll
2010-06-29 16:00 . 2010-05-23 09:16 32768 ------w- c:\windows\system32\TpKmpSvc.exe
2010-06-28 13:55 . 2010-06-28 13:55 52224 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-24 16:07 . 2010-06-24 16:07 87672 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:22 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2010-06-23 14:24 . 2010-06-23 14:24 2944904 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-23 13:44 . 2006-04-30 06:55 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-22 21:04 . 2010-06-22 21:04 1465512 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-21 15:27 . 2006-04-30 06:55 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-04-30 06:55 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-04-30 06:55 1172480 ------w- c:\windows\system32\msxml3.dll
2010-06-09 13:52 . 2008-07-24 23:45 13408 ------w- c:\windows\system32\drivers\radpms.sys
2010-06-09 13:51 . 2009-08-25 13:13 83360 ------w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 13:51 . 2009-08-25 13:13 29568 ------w- c:\windows\system32\LMIport.dll
2010-06-09 13:51 . 2009-08-25 13:13 87424 ------w- c:\windows\system32\LMIinit.dll
2010-06-04 00:17 . 2008-08-21 16:55 165160 ------w- c:\windows\system32\SynTPAPI.dll
2010-06-04 00:17 . 2008-07-04 05:29 120104 ------w- c:\windows\system32\SynTPCo4.dll
2010-06-04 00:17 . 2008-08-21 16:55 214312 ------w- c:\windows\system32\SynCtrl.dll
2010-06-04 00:17 . 2008-08-21 16:55 173352 ------w- c:\windows\system32\SynCOM.dll
2010-06-01 16:44 . 2010-06-21 22:16 3907584 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2004-08-04 06:56 . 2009-12-03 23:30 561179 ------w- c:\program files\Common Files\dao360.dll
2004-06-17 15:07 . 2009-12-03 23:30 570128 ------w- c:\program files\Common Files\DAO350.DLL
2008-08-16 22:42 . 2008-08-16 22:42 13112 ------w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ------w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ------w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ------w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ------w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ------w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ------w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ------w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ------w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ------w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
CODE
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove .exe
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM      .exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM    .exe
c:\program files\Lenovo\HOTKEY\TPOSDSVC .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask .exe
c:\program files\RDS\RMClient\JobHisInit .exe
c:\program files\RDS\RMClient\MplSetUp .exe
c:\program files\Steam\Steam .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Synaptics\SynTP\SynTPLpr .exe
c:\program files\ThinkPad\Utilities\EzEjMnAp .exe
c:\program files\ThinkVantage\PrdCtr\LPMGR .exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK .exe
c:\program files\Windows Defender\MSASCui .exe
c:\windows\system32\TpShocks .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]
"SplitScreen"="c:\program files\SplitView 2008\SplitScr.exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-10-13 1590616]
"ISUSPM"="c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Gbridge"="c:\program files\Gbridge LLC\Gbridge\pstartw.exe" [N/A]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-09-24 1685816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2010-03-29 66912]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 145432]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-03-02 36864]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [N/A]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [N/A]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-03-02 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 174616]
"EncMove"="c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe" [N/A]
"EncMov32"="%ProgramFiles (x86)%\EncmpassInsurance\Encompass Optimization Install\EncompassMove.exe" [N/A]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-05-12 208896]
"B2BMC_STARTER"="c:\fipsco life portraits\AHL\B2BMC-Starter.exe" [N/A]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [N/A]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [N/A]
"vptray"="c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-05-21 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-30 231888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-28 596584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-6 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Shortcut to TamManager.lnk - c:\program files\PaperWise Suite V6\TamManager.exe [2009-4-23 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
"MaxGPOScriptWait"= 3600 (0xe10)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2010-02-05 11:44 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-25 16:02 16680 ------w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 13:51 87424 ------w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks-finder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [5/23/2010 4:16 AM 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 12:10 PM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/23/2010 4:12 AM 13480]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 AM 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2/5/2010 6:39 AM 1824064]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [5/23/2010 4:16 AM 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2/5/2010 6:43 AM 98304]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [5/23/2010 4:13 AM 50536]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/21/2008 12:15 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/19/2008 9:00 PM 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 6:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 AM 360448]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/5/2010 3:42 PM 661448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/21/2008 11:36 AM 239760]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [7/24/2008 6:45 PM 13408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/23/2010 4:12 AM 45496]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2/5/2010 6:43 AM 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2/5/2010 6:44 AM 118784]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 12:46 PM 41216]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [4/22/2009 10:21 AM 26112]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [5/4/2010 9:47 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [5/4/2010 9:47 AM 11104]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\clintn.MONROE\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [9/20/2007 5:10 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tfins.com/
uInternet Settings,ProxyServer = http=tfserver:3128
uInternet Settings,ProxyOverride = https://*;webmvr.com;https://www.webmvr.com;hxxp://remotedeposit.ctbonline.com;https://remotedeposit.ctbonline.com;https://amig.com;https://modernlink.amig.com;https://*.amig.com;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: allstate.com
Trusted Zone: allstate.com\ehg
Trusted Zone: allstate.com\login
Trusted Zone: allstatehelp.com
Trusted Zone: Deerbrook.com
Trusted Zone: Deerbrook.com\interlink
Trusted Zone: encompassinsurance.com
Trusted Zone: encompassinsurance.com\billing
Trusted Zone: encompassinsurance.com\forms
Trusted Zone: encompassinsurance.com\iabi
Trusted Zone: encompassinsurance.com\infoview
Trusted Zone: encompassinsurance.com\interlink
Trusted Zone: encompassinsurance.com\motorclub
Trusted Zone: encompassinsurance.com\policy
Trusted Zone: gotoassist.com
Trusted Zone: interlinkhelp.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
DPF: {16A017B9-6CB4-47C7-8E81-6E9396FAC2B6} - hxxp://tfsecurity/NSIDVRCtrlX.ocx
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} - hxxps://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
DPF: {C11F5ACE-2471-49CE-BA64-B3A66D12C846} - hxxps://tfserver.monroe.tfins.com/RSC/invitation.aspx?getActiveX=1
DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
FF - ProfilePath - c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\
FF - plugin: c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 11:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000057BB1B345A9F9790A5 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,b6,55,e2,61,fd,3d,4d,bc,bb,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,b6,55,e2,61,fd,3d,4d,bc,bb,01,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\AFSSClientLib.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(5904)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Opera\opera.exe
.
**************************************************************************
.
Completion time: 2010-08-30 11:06:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 16:06
ComboFix2.txt 2010-07-07 21:27

Pre-Run: 69,197,705,216 bytes free
Post-Run: 86,345,441,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7288BCB4D9E98AC4125B2FEF4A6D9148


#9 mpascal

Posted 30 August 2010 - 11:39 AM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
RenV::
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove .exe
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM      .exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM    .exe
c:\program files\Lenovo\HOTKEY\TPOSDSVC .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask .exe
c:\program files\RDS\RMClient\JobHisInit .exe
c:\program files\RDS\RMClient\MplSetUp .exe
c:\program files\Steam\Steam .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Synaptics\SynTP\SynTPLpr .exe
c:\program files\ThinkPad\Utilities\EzEjMnAp .exe
c:\program files\ThinkVantage\PrdCtr\LPMGR .exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK .exe
c:\program files\Windows Defender\MSASCui .exe
c:\windows\system32\TpShocks .exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#10 cjn007

Posted 30 August 2010 - 11:47 AM

I am still unable to disable my antivirus as I stated in my above post, but I will run this script and see how it goes.

#11 mpascal

Posted 30 August 2010 - 11:49 AM

Okay, don't worry about disabling the anti-virus.



#12 cjn007

Posted 30 August 2010 - 12:14 PM

ComboFix 10-08-29.04 - ClintN 08/30/2010 11:49:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1942.888 [GMT -5:00]
Running from: c:\documents and settings\clintn.MONROE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\clintn.MONROE\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe
c:\program files\Spiceworks\bin\spicetray_silent.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 17:00 . 2010-08-30 17:00 53248 ----a-w- c:\temp\catchme.dll
2010-08-30 17:00 . 2010-08-30 17:00 -------- d-----w- c:\temp\Desktop Authority
2010-08-30 16:49 . 2010-08-30 16:49 -------- d-----w- c:\temp\WPDNSE
2010-08-30 16:13 . 2010-08-30 16:32 -------- d-----w- c:\temp\VPMECTMP
2010-08-30 16:09 . 2010-08-30 16:09 -------- d-----w- c:\temp\PwOfficeTemp
2010-08-27 19:35 . 2010-08-27 19:35 -------- d-----w- c:\program files\EncompassInsurance
2010-08-27 16:57 . 2010-08-27 16:57 -------- d-----w- c:\documents and settings\clintn.MONROE\Desktopboot.images
2010-08-26 15:56 . 2010-03-26 10:31 81920 ------w- c:\windows\system32\igfxCoIn_v5248.dll
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- C:\IVANS
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- C:\TM.NET Setup
2010-08-23 13:12 . 2010-08-30 16:58 186776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-15 08:04 . 2010-08-15 18:22 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-08-13 19:27 . 2010-08-13 19:27 -------- d-----w- C:\ScriptLogic
2010-08-11 22:45 . 2010-08-11 22:45 -------- d-----w- c:\program files\Ipswitch
2010-08-11 22:39 . 2010-08-11 22:39 -------- d-----w- c:\program files\Advanced IP Scanner
2010-08-11 22:25 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-11 22:25 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-11 22:25 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-11 22:25 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-11 22:25 . 2010-06-24 12:21 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-11 22:25 . 2010-06-24 12:21 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-11 22:25 . 2010-06-24 12:21 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-11 22:25 . 2010-06-24 12:21 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-08-11 22:25 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-11 22:24 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-11 18:53 . 2010-08-11 18:53 108300 ----a-w- c:\documents and settings\clintn.MONROE\TRACE_BOOT+DRIVERS_1_1.BIN
2010-08-09 21:15 . 2010-08-09 21:15 -------- d-----w- c:\program files\JavaFX
2010-08-09 21:14 . 2010-08-09 21:14 -------- d-----w- c:\program files\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 17:02 . 2008-08-21 17:05 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-08-30 17:02 . 2009-05-11 15:51 -------- d-----w- c:\program files\QuickTime
2010-08-30 17:02 . 2009-09-29 13:09 -------- d-----w- c:\program files\CCleaner
2010-08-30 16:50 . 2008-11-07 04:59 -------- d-----w- c:\program files\Windows Defender
2010-08-30 16:50 . 2010-07-01 14:58 -------- d-----w- c:\program files\Steam
2010-08-30 16:49 . 2010-06-22 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 16:10 . 2010-01-25 15:27 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion
2010-08-30 16:00 . 2010-05-28 15:14 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Skype
2010-08-30 15:59 . 2010-07-06 16:07 72512 ----a-w- c:\documents and settings\clintn.MONROE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 15:57 . 2008-11-06 13:38 -------- d-----w- c:\program files\Symantec
2010-08-30 15:26 . 2008-11-06 13:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-30 15:26 . 2010-07-07 17:52 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-30 15:26 . 2010-07-07 17:52 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-30 15:24 . 2008-08-21 17:08 -------- d-----w- c:\program files\Common Files\Lenovo
2010-08-30 14:54 . 2010-01-25 14:43 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-30 14:52 . 2008-08-21 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Roxio
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-30 14:43 . 2010-01-25 14:43 -------- d-----w- c:\program files\Research In Motion
2010-08-30 14:43 . 2010-01-25 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-30 14:40 . 2010-08-30 14:35 102135128 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-30 13:15 . 2009-08-25 13:13 -------- d-----w- c:\program files\LogMeIn
2010-08-29 01:15 . 2010-06-30 01:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SolidDocuments
2010-08-28 15:37 . 2009-10-16 13:43 1984 ------w- c:\windows\system32\d3d9caps.dat
2010-08-27 19:35 . 2010-08-27 19:35 8754 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{1448F57C-23C6-4E84-9A5C-DAE7CE09A740}\_6FEFF9B68218417F98F549.exe
2010-08-27 19:33 . 2010-01-25 20:41 256 ----a-w- c:\documents and settings\clintn.MONROE\pool.bin
2010-08-27 16:43 . 2010-05-28 15:14 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\skypePM
2010-08-27 16:12 . 2009-09-16 14:21 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\SolidDocuments
2010-08-27 15:55 . 2010-05-23 09:20 -------- d-----w- c:\program files\PC-Doctor
2010-08-26 15:58 . 2010-05-23 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-08-26 14:13 . 2008-08-21 16:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-18 14:43 . 2008-11-23 16:03 -------- d---a-w- c:\program files\PaperWise Suite V6
2010-08-17 16:39 . 2010-07-26 22:17 -------- d-----w- c:\program files\Microsoft Bootvis
2010-08-17 13:17 . 2008-08-21 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-11 19:26 . 2008-08-21 17:08 -------- d-----w- c:\program files\Java
2010-08-11 18:35 . 2010-01-12 17:39 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-04 02:38 . 2010-08-04 02:38 1821192 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-04 02:38 . 2010-08-04 02:38 400728 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-04 02:38 . 2010-08-04 02:38 2959376 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-04 02:38 . 2010-08-04 02:38 128472 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe
2010-07-29 18:12 . 2010-03-29 16:41 -------- d-----w- c:\program files\RMAdmin
2010-07-26 17:02 . 2010-07-26 17:02 765 ----a-w- c:\windows\unins001.dat
2010-07-26 17:02 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins001.exe
2010-07-26 17:01 . 2010-07-26 17:01 -------- d-----w- c:\program files\Anark
2010-07-26 17:01 . 2010-07-26 17:01 765 ----a-w- c:\windows\unins000.dat
2010-07-26 17:01 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins000.exe
2010-07-26 17:01 . 2010-07-26 17:01 -------- d-----w- c:\program files\Temp
2010-07-22 21:23 . 2010-07-22 21:23 -------- d-----w- c:\program files\Microsoft.NET
2010-07-22 19:10 . 2010-01-25 15:27 256 ------w- c:\windows\system32\pool.bin
2010-07-21 19:51 . 2009-08-25 22:23 -------- d-----w- c:\program files\Opera
2010-07-17 10:00 . 2010-06-29 16:39 423656 ------w- c:\windows\system32\deployJava1.dll
2010-07-13 15:45 . 2010-07-13 15:45 -------- d-----w- c:\program files\AutoIt3
2010-07-12 18:08 . 2010-07-12 18:08 -------- d-----w- c:\program files\Skype
2010-07-09 20:01 . 2010-07-07 22:56 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\DameWare Development
2010-07-09 14:12 . 2010-07-09 14:12 70144 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}\IconA2E65BCA.exe
2010-07-09 14:12 . 2010-07-09 14:12 39936 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}\Icon1DEF20221.exe
2010-07-09 14:12 . 2010-07-07 22:44 -------- d-----w- c:\program files\DameWare Development
2010-07-09 14:06 . 2010-07-07 22:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-07 22:44 . 2010-07-07 22:44 39936 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}\IconCFC105E3.exe
2010-07-07 22:44 . 2010-07-07 22:44 27136 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}\Icon0FF7A68B.exe
2010-07-07 17:51 . 2010-07-07 17:51 -------- d-----w- c:\program files\Symantec_Client_Security
2010-07-07 03:18 . 2010-07-07 03:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
2010-07-06 18:48 . 2010-07-06 18:48 -------- d-----w- c:\program files\Digital Line Detect
2010-07-06 18:48 . 2010-07-06 18:47 -------- d-----w- c:\program files\NetWaiting
2010-07-06 18:44 . 2008-08-21 16:59 -------- d-----w- c:\program files\CONEXANT
2010-07-06 18:42 . 2008-08-21 16:54 -------- d-----w- c:\program files\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\program files\Common Files\Intel
2010-07-06 16:32 . 2010-06-28 13:55 63488 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-06 16:32 . 2010-06-28 13:55 117760 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 22:04 . 2010-05-23 05:21 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\IObit
2010-07-01 20:58 . 2010-07-01 20:58 136 ----a-w- c:\documents and settings\clintn.MONROE\Local Settings\Application Data\fusioncache.dat
2010-07-01 20:13 . 2010-07-01 20:13 -------- d-----w- c:\program files\Common Files\Skype
2010-07-01 20:13 . 2010-05-28 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-30 12:31 . 2006-04-30 06:55 149504 ------w- c:\windows\system32\schannel.dll
2010-06-29 16:00 . 2010-05-23 09:16 32768 ------w- c:\windows\system32\TpKmpSvc.exe
2010-06-28 13:55 . 2010-06-28 13:55 52224 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-24 16:07 . 2010-06-24 16:07 87672 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:22 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2010-06-23 14:24 . 2010-06-23 14:24 2944904 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-23 13:44 . 2006-04-30 06:55 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-22 21:04 . 2010-06-22 21:04 1465512 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-21 15:27 . 2006-04-30 06:55 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-04-30 06:55 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-04-30 06:55 1172480 ------w- c:\windows\system32\msxml3.dll
2010-06-09 13:52 . 2008-07-24 23:45 13408 ------w- c:\windows\system32\drivers\radpms.sys
2010-06-09 13:51 . 2009-08-25 13:13 83360 ------w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 13:51 . 2009-08-25 13:13 29568 ------w- c:\windows\system32\LMIport.dll
2010-06-09 13:51 . 2009-08-25 13:13 87424 ------w- c:\windows\system32\LMIinit.dll
2010-06-04 00:17 . 2008-08-21 16:55 165160 ------w- c:\windows\system32\SynTPAPI.dll
2010-06-04 00:17 . 2008-07-04 05:29 120104 ------w- c:\windows\system32\SynTPCo4.dll
2010-06-04 00:17 . 2008-08-21 16:55 214312 ------w- c:\windows\system32\SynCtrl.dll
2010-06-04 00:17 . 2008-08-21 16:55 173352 ------w- c:\windows\system32\SynCOM.dll
2004-08-04 06:56 . 2009-12-03 23:30 561179 ------w- c:\program files\Common Files\dao360.dll
2004-06-17 15:07 . 2009-12-03 23:30 570128 ------w- c:\program files\Common Files\DAO350.DLL
2008-08-16 22:42 . 2008-08-16 22:42 13112 ------w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ------w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ------w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ------w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ------w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ------w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ------w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ------w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ------w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ------w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
CODE
<pre>
c:\program files\CCleaner\ccleaner .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Installshield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager .exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Lenovo\Client Security Solution\cssauth .exe
c:\program files\Lenovo\HOTKEY\TPOSDSVC .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\RDS\RMClient\JobHisInit .exe
c:\program files\RDS\RMClient\MplSetUp .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\ThinkVantage\PrdCtr\LPMGR .exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]
"SplitScreen"="c:\program files\SplitView 2008\SplitScr.exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [N/A]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [N/A]
"ISUSPM"="c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe" [N/A]
"Gbridge"="c:\program files\Gbridge LLC\Gbridge\pstartw.exe" [N/A]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [N/A]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [N/A]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 145432]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [N/A]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [N/A]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [N/A]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2010-08-30 36356]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 174616]
"EncMove"="c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe" [N/A]
"EncMov32"="%ProgramFiles (x86)%\EncmpassInsurance\Encompass Optimization Install\EncompassMove.exe" [N/A]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [N/A]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-05-12 208896]
"B2BMC_STARTER"="c:\fipsco life portraits\AHL\B2BMC-Starter.exe" [N/A]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [N/A]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [N/A]
"vptray"="c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-30 231888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-28 596584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-6 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Shortcut to TamManager.lnk - c:\program files\PaperWise Suite V6\TamManager.exe [2009-4-23 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
"MaxGPOScriptWait"= 3600 (0xe10)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2010-02-05 11:44 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-25 16:02 16680 ------w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 13:51 87424 ------w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks-finder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [5/23/2010 4:16 AM 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 12:10 PM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/23/2010 4:12 AM 13480]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 AM 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2/5/2010 6:39 AM 1824064]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [5/23/2010 4:16 AM 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2/5/2010 6:43 AM 98304]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [5/23/2010 4:13 AM 50536]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/21/2008 12:15 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/19/2008 9:00 PM 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 6:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 AM 360448]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/5/2010 3:42 PM 661448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/21/2008 11:36 AM 239760]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [7/24/2008 6:45 PM 13408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/23/2010 4:12 AM 45496]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2/5/2010 6:43 AM 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2/5/2010 6:44 AM 118784]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 12:46 PM 41216]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [4/22/2009 10:21 AM 26112]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [5/4/2010 9:47 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [5/4/2010 9:47 AM 11104]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\clintn.MONROE\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [9/20/2007 5:10 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\At25.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At26.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At27.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At28.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At29.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At30.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At31.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At32.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At33.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At34.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At35.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At36.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At37.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At38.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At39.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At40.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At41.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At42.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At43.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At44.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At45.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At46.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At47.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At48.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tfins.com/
uInternet Settings,ProxyServer = http=tfserver:3128
uInternet Settings,ProxyOverride = https://*;webmvr.com;https://www.webmvr.com;hxxp://remotedeposit.ctbonline.com;https://remotedeposit.ctbonline.com;https://amig.com;https://modernlink.amig.com;https://*.amig.com;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: allstate.com
Trusted Zone: allstate.com\ehg
Trusted Zone: allstate.com\login
Trusted Zone: allstatehelp.com
Trusted Zone: Deerbrook.com
Trusted Zone: Deerbrook.com\interlink
Trusted Zone: encompassinsurance.com
Trusted Zone: encompassinsurance.com\billing
Trusted Zone: encompassinsurance.com\forms
Trusted Zone: encompassinsurance.com\iabi
Trusted Zone: encompassinsurance.com\infoview
Trusted Zone: encompassinsurance.com\interlink
Trusted Zone: encompassinsurance.com\motorclub
Trusted Zone: encompassinsurance.com\policy
Trusted Zone: gotoassist.com
Trusted Zone: interlinkhelp.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
DPF: {16A017B9-6CB4-47C7-8E81-6E9396FAC2B6} - hxxp://tfsecurity/NSIDVRCtrlX.ocx
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} - hxxps://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
DPF: {C11F5ACE-2471-49CE-BA64-B3A66D12C846} - hxxps://tfserver.monroe.tfins.com/RSC/invitation.aspx?getActiveX=1
DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
FF - ProfilePath - c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 12:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,b6,55,e2,61,fd,3d,4d,bc,bb,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,b6,55,e2,61,fd,3d,4d,bc,bb,01,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\AFSSClientLib.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(5564)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\msiexec.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2010-08-30 12:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 17:10
ComboFix2.txt 2010-08-30 16:06
ComboFix3.txt 2010-07-07 21:27

Pre-Run: 84,698,001,408 bytes free
Post-Run: 85,770,756,096 bytes free

- - End Of File - - 7CAB048A035FF56FD98D5B99EA9B4872


#13 mpascal


Posted 30 August 2010 - 12:21 PM

Hi there,

Close any open browsers so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
RenV::
c:\program files\CCleaner\ccleaner .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Installshield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager .exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Lenovo\Client Security Solution\cssauth .exe
c:\program files\Lenovo\HOTKEY\TPOSDSVC .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\RDS\RMClient\JobHisInit .exe
c:\program files\RDS\RMClient\MplSetUp .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\ThinkVantage\PrdCtr\LPMGR .exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK .exe

AtJob::

File::
c:\documents and settings\All Users\Application Data\7103D137.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image
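
The CFScript in the post above targets the AtNN.job tasks and the one file they all launch. As an added example (not part of the original thread and not ComboFix's own logic), this Python sketch parses the "Scheduled Tasks" section of such a log and flags that pattern; the three heuristics and all function names are assumptions chosen for illustration, and the sample lines are a trimmed copy of the log posted earlier in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Trimmed copy of the 'Scheduled Tasks' section from the log in this thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\At25.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At26.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\At27.job
- c:\documents and settings\All Users\Application Data\7103D137.exe [2010-08-30 17:06]

2010-08-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]+)\]$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)   # naming used by the legacy "at" scheduler
HEX_STEM_RE = re.compile(r"[0-9a-f]{8}", re.I)  # assumption: 8 hex chars looks generated


@dataclass(frozen=True)
class Task:
    job: str      # path of the .job file
    target: str   # executable the task launches
    stamp: str    # timestamp the log prints in brackets after the target


def parse_tasks(log):
    """Return the (job, target) pairs listed in the log's Scheduled Tasks section."""
    tasks, in_section, job = [], False, None
    for raw in log.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION_HEADER
            continue
        if line.startswith("---"):      # rule line that opens the next log section
            break
        m = JOB_RE.match(line)
        if m:
            job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and job:                   # a target line only counts after a job line
            tasks.append(Task(job, m.group("target"), m.group("stamp")))
            job = None
    return tasks


def triage(tasks):
    """Group tasks by target and list the targets that trip any heuristic."""
    by_target = defaultdict(list)
    for t in tasks:
        by_target[t.target.lower()].append(t)   # Windows paths are case-insensitive

    findings = []
    for target, group in by_target.items():
        at_jobs = sorted(basename(t.job) for t in group
                         if AT_JOB_RE.match(basename(t.job)))
        reasons = []
        if len(at_jobs) >= 2:
            reasons.append(f"{len(at_jobs)} AtNN.job tasks launch the same file")
        if HEX_STEM_RE.fullmatch(splitext(basename(target))[0]):
            reasons.append("file name is an 8-character hex string")
        if dirname(target).endswith("\\application data"):
            reasons.append("executable sits directly in an Application Data root")
        if reasons:
            findings.append({"target": target, "jobs": at_jobs, "reasons": reasons})
    # Most corroborated targets first.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for finding in triage(parse_tasks(SAMPLE_LOG)):
        print(finding["target"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Each heuristic alone is only a lead for manual review; the Windows Defender task in the sample trips none of them and is not reported.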


#14 cjn007


Posted 30 August 2010 - 01:42 PM

ComboFix 10-08-29.04 - ClintN 08/30/2010 13:20:01.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1942.1038 [GMT -5:00]
Running from: c:\documents and settings\clintn.MONROE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\clintn.MONROE\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\7103D137.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\7103D137.exe
c:\temp\{657D16DF-BAE3-4481-8BFE-D3E6A85434A0}\_ISRES.DLL
c:\temp\{657D16DF-BAE3-4481-8BFE-D3E6A85434A0}\IGdi.dll
c:\temp\{657D16DF-BAE3-4481-8BFE-D3E6A85434A0}\ISRT.DLL
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 18:33 . 2010-08-30 18:33 -------- d-----w- c:\temp\WPDNSE
2010-08-30 18:33 . 2010-08-30 18:33 53248 ----a-w- c:\temp\catchme.dll
2010-08-30 18:10 . 2010-08-30 18:28 -------- d-----w- c:\temp\{657D16DF-BAE3-4481-8BFE-D3E6A85434A0}
2010-08-30 17:03 . 2010-08-30 17:11 -------- d-----w- c:\temp\amd64
2010-08-30 17:00 . 2010-08-30 18:32 -------- d-----w- c:\temp\Desktop Authority
2010-08-30 16:13 . 2010-08-30 18:14 -------- d-----w- c:\temp\VPMECTMP
2010-08-30 16:09 . 2010-08-30 16:09 -------- d-----w- c:\temp\PwOfficeTemp
2010-08-30 14:35 . 2010-08-30 14:40 102135128 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-27 19:35 . 2010-08-27 19:35 8754 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{1448F57C-23C6-4E84-9A5C-DAE7CE09A740}\_6FEFF9B68218417F98F549.exe
2010-08-27 19:35 . 2010-08-27 19:35 -------- d-----w- c:\program files\EncompassInsurance
2010-08-27 16:57 . 2010-08-27 16:57 -------- d-----w- c:\documents and settings\clintn.MONROE\Desktopboot.images
2010-08-26 15:56 . 2010-03-26 10:31 81920 ------w- c:\windows\system32\igfxCoIn_v5248.dll
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- C:\IVANS
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- C:\TM.NET Setup
2010-08-23 13:12 . 2010-08-30 18:29 186856 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-15 08:04 . 2010-08-15 18:22 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-08-13 19:27 . 2010-08-13 19:27 -------- d-----w- C:\ScriptLogic
2010-08-11 22:45 . 2010-08-11 22:45 -------- d-----w- c:\program files\Ipswitch
2010-08-11 22:39 . 2010-08-11 22:39 -------- d-----w- c:\program files\Advanced IP Scanner
2010-08-11 22:25 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-11 22:25 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-11 22:25 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-11 22:25 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-11 22:25 . 2010-06-24 12:21 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-11 22:25 . 2010-06-24 12:21 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-11 22:25 . 2010-06-24 12:21 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-11 22:25 . 2010-06-24 12:21 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-08-11 22:25 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-11 22:24 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-11 18:53 . 2010-08-11 18:53 108300 ----a-w- c:\documents and settings\clintn.MONROE\TRACE_BOOT+DRIVERS_1_1.BIN
2010-08-09 21:15 . 2010-08-09 21:15 -------- d-----w- c:\program files\JavaFX
2010-08-09 21:14 . 2010-08-09 21:14 -------- d-----w- c:\program files\Sun
2010-08-04 02:38 . 2010-08-04 02:38 1821192 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-04 02:38 . 2010-08-04 02:38 400728 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-04 02:38 . 2010-08-04 02:38 2959376 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-04 02:38 . 2010-08-04 02:38 128472 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 18:34 . 2008-08-21 17:05 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-08-30 18:34 . 2009-05-11 15:51 -------- d-----w- c:\program files\QuickTime
2010-08-30 18:34 . 2009-09-29 13:09 -------- d-----w- c:\program files\CCleaner
2010-08-30 18:09 . 2010-06-30 01:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SolidDocuments
2010-08-30 17:06 . 2010-08-30 17:06 112 ----a-w- c:\documents and settings\All Users\Application Data\HBqc0Il.dat
2010-08-30 16:50 . 2008-11-07 04:59 -------- d-----w- c:\program files\Windows Defender
2010-08-30 16:50 . 2010-07-01 14:58 -------- d-----w- c:\program files\Steam
2010-08-30 16:49 . 2010-06-22 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 16:10 . 2010-01-25 15:27 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Research In Motion
2010-08-30 16:00 . 2010-05-28 15:14 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Skype
2010-08-30 15:59 . 2010-07-06 16:07 72512 ----a-w- c:\documents and settings\clintn.MONROE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 15:57 . 2008-11-06 13:38 -------- d-----w- c:\program files\Symantec
2010-08-30 15:26 . 2008-11-06 13:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-30 15:26 . 2010-07-07 17:52 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-30 15:26 . 2010-07-07 17:52 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-30 15:24 . 2008-08-21 17:08 -------- d-----w- c:\program files\Common Files\Lenovo
2010-08-30 14:54 . 2010-01-25 14:43 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-30 14:52 . 2008-08-21 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Roxio
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-30 14:52 . 2008-08-21 17:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-30 14:43 . 2010-01-25 14:43 -------- d-----w- c:\program files\Research In Motion
2010-08-30 14:43 . 2010-01-25 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-30 13:15 . 2009-08-25 13:13 -------- d-----w- c:\program files\LogMeIn
2010-08-28 15:37 . 2009-10-16 13:43 1984 ------w- c:\windows\system32\d3d9caps.dat
2010-08-27 19:33 . 2010-01-25 20:41 256 ----a-w- c:\documents and settings\clintn.MONROE\pool.bin
2010-08-27 16:43 . 2010-05-28 15:14 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\skypePM
2010-08-27 16:12 . 2009-09-16 14:21 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\SolidDocuments
2010-08-27 15:55 . 2010-05-23 09:20 -------- d-----w- c:\program files\PC-Doctor
2010-08-26 15:58 . 2010-05-23 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-08-26 14:13 . 2008-08-21 16:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-18 14:43 . 2008-11-23 16:03 -------- d---a-w- c:\program files\PaperWise Suite V6
2010-08-17 16:39 . 2010-07-26 22:17 -------- d-----w- c:\program files\Microsoft Bootvis
2010-08-17 13:17 . 2008-08-21 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-11 19:26 . 2008-08-21 17:08 -------- d-----w- c:\program files\Java
2010-08-11 18:35 . 2010-01-12 17:39 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-29 18:12 . 2010-03-29 16:41 -------- d-----w- c:\program files\RMAdmin
2010-07-26 17:02 . 2010-07-26 17:02 765 ----a-w- c:\windows\unins001.dat
2010-07-26 17:02 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins001.exe
2010-07-26 17:01 . 2010-07-26 17:01 -------- d-----w- c:\program files\Anark
2010-07-26 17:01 . 2010-07-26 17:01 765 ----a-w- c:\windows\unins000.dat
2010-07-26 17:01 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins000.exe
2010-07-26 17:01 . 2010-07-26 17:01 -------- d-----w- c:\program files\Temp
2010-07-22 21:23 . 2010-07-22 21:23 -------- d-----w- c:\program files\Microsoft.NET
2010-07-22 19:10 . 2010-01-25 15:27 256 ------w- c:\windows\system32\pool.bin
2010-07-21 19:51 . 2009-08-25 22:23 -------- d-----w- c:\program files\Opera
2010-07-17 10:00 . 2010-06-29 16:39 423656 ------w- c:\windows\system32\deployJava1.dll
2010-07-13 15:45 . 2010-07-13 15:45 -------- d-----w- c:\program files\AutoIt3
2010-07-12 18:08 . 2010-07-12 18:08 -------- d-----w- c:\program files\Skype
2010-07-09 20:01 . 2010-07-07 22:56 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\DameWare Development
2010-07-09 14:12 . 2010-07-09 14:12 70144 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}\IconA2E65BCA.exe
2010-07-09 14:12 . 2010-07-09 14:12 39936 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}\Icon1DEF20221.exe
2010-07-09 14:12 . 2010-07-07 22:44 -------- d-----w- c:\program files\DameWare Development
2010-07-09 14:06 . 2010-07-07 22:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-07 22:44 . 2010-07-07 22:44 39936 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}\IconCFC105E3.exe
2010-07-07 22:44 . 2010-07-07 22:44 27136 ----a-r- c:\documents and settings\clintn.MONROE\Application Data\Microsoft\Installer\{B6CEAC47-E909-4AC2-A077-0EFCFECBD6D5}\Icon0FF7A68B.exe
2010-07-07 17:51 . 2010-07-07 17:51 -------- d-----w- c:\program files\Symantec_Client_Security
2010-07-07 03:18 . 2010-07-07 03:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
2010-07-06 18:48 . 2010-07-06 18:48 -------- d-----w- c:\program files\Digital Line Detect
2010-07-06 18:48 . 2010-07-06 18:47 -------- d-----w- c:\program files\NetWaiting
2010-07-06 18:44 . 2008-08-21 16:59 -------- d-----w- c:\program files\CONEXANT
2010-07-06 18:42 . 2008-08-21 16:54 -------- d-----w- c:\program files\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-07-06 18:36 . 2010-07-06 18:36 -------- d-----w- c:\program files\Common Files\Intel
2010-07-06 16:32 . 2010-06-28 13:55 63488 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-06 16:32 . 2010-06-28 13:55 117760 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 22:04 . 2010-05-23 05:21 -------- d-----w- c:\documents and settings\clintn.MONROE\Application Data\IObit
2010-07-01 20:58 . 2010-07-01 20:58 136 ----a-w- c:\documents and settings\clintn.MONROE\Local Settings\Application Data\fusioncache.dat
2010-07-01 20:13 . 2010-07-01 20:13 -------- d-----w- c:\program files\Common Files\Skype
2010-07-01 20:13 . 2010-05-28 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-30 12:31 . 2006-04-30 06:55 149504 ------w- c:\windows\system32\schannel.dll
2010-06-29 16:00 . 2010-05-23 09:16 32768 ------w- c:\windows\system32\TpKmpSvc.exe
2010-06-28 13:55 . 2010-06-28 13:55 52224 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-24 16:07 . 2010-06-24 16:07 87672 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:22 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2010-06-23 14:24 . 2010-06-23 14:24 2944904 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-23 13:44 . 2006-04-30 06:55 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-22 21:04 . 2010-06-22 21:04 1465512 ----a-w- c:\documents and settings\clintn.MONROE\Application Data\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-21 15:27 . 2006-04-30 06:55 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-04-30 06:55 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-04-30 06:55 1172480 ------w- c:\windows\system32\msxml3.dll
2010-06-09 13:52 . 2008-07-24 23:45 13408 ------w- c:\windows\system32\drivers\radpms.sys
2010-06-09 13:51 . 2009-08-25 13:13 83360 ------w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 13:51 . 2009-08-25 13:13 29568 ------w- c:\windows\system32\LMIport.dll
2010-06-09 13:51 . 2009-08-25 13:13 87424 ------w- c:\windows\system32\LMIinit.dll
2010-06-04 00:17 . 2008-08-21 16:55 165160 ------w- c:\windows\system32\SynTPAPI.dll
2010-06-04 00:17 . 2008-07-04 05:29 120104 ------w- c:\windows\system32\SynTPCo4.dll
2010-06-04 00:17 . 2008-08-21 16:55 214312 ------w- c:\windows\system32\SynCtrl.dll
2010-06-04 00:17 . 2008-08-21 16:55 173352 ------w- c:\windows\system32\SynCOM.dll
2004-08-04 06:56 . 2009-12-03 23:30 561179 ------w- c:\program files\Common Files\dao360.dll
2004-06-17 15:07 . 2009-12-03 23:30 570128 ------w- c:\program files\Common Files\DAO350.DLL
2008-08-16 22:42 . 2008-08-16 22:42 13112 ------w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ------w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ------w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ------w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ------w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ------w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ------w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ------w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ------w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ------w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
CODE
<pre>
c:\program files\CCleaner\ccleaner .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Installshield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager .exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Lenovo\Client Security Solution\cssauth .exe
c:\program files\Lenovo\HOTKEY\TPOSDSVC .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\RDS\RMClient\JobHisInit .exe
c:\program files\RDS\RMClient\MplSetUp .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\ThinkVantage\PrdCtr\LPMGR .exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]
"SplitScreen"="c:\program files\SplitView 2008\SplitScr.exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [N/A]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [N/A]
"ISUSPM"="c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe" [N/A]
"Gbridge"="c:\program files\Gbridge LLC\Gbridge\pstartw.exe" [N/A]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [N/A]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [N/A]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 145432]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [N/A]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [N/A]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [N/A]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2010-08-30 36356]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 174616]
"EncMove"="c:\program files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe" [N/A]
"EncMov32"="%ProgramFiles (x86)%\EncmpassInsurance\Encompass Optimization Install\EncompassMove.exe" [N/A]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [N/A]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-05-12 208896]
"B2BMC_STARTER"="c:\fipsco life portraits\AHL\B2BMC-Starter.exe" [N/A]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [N/A]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [N/A]
"vptray"="c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-30 231888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-28 596584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-6 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Shortcut to TamManager.lnk - c:\program files\PaperWise Suite V6\TamManager.exe [2009-4-23 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
"MaxGPOScriptWait"= 3600 (0xe10)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2010-02-05 11:44 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-25 16:02 16680 ------w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 13:51 87424 ------w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks-finder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [5/23/2010 4:16 AM 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 12:10 PM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/23/2010 4:12 AM 13480]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 AM 46144]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [5/23/2010 4:16 AM 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2/5/2010 6:43 AM 98304]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [5/23/2010 4:13 AM 50536]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/21/2008 12:15 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/19/2008 9:00 PM 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 6:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 AM 360448]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/5/2010 3:42 PM 661448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/21/2008 11:36 AM 239760]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [7/24/2008 6:45 PM 13408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2/5/2010 6:39 AM 1824064]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/23/2010 4:12 AM 45496]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2/5/2010 6:43 AM 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2/5/2010 6:44 AM 118784]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 12:46 PM 41216]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [4/22/2009 10:21 AM 26112]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [5/4/2010 9:47 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [5/4/2010 9:47 AM 11104]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\clintn.MONROE\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [9/20/2007 5:10 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tfins.com/
uInternet Settings,ProxyServer = http=tfserver:3128
uInternet Settings,ProxyOverride = https://*;webmvr.com;https://www.webmvr.com;hxxp://remotedeposit.ctbonline.com;https://remotedeposit.ctbonline.com;https://amig.com;https://modernlink.amig.com;https://*.amig.com;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: allstate.com
Trusted Zone: allstate.com\ehg
Trusted Zone: allstate.com\login
Trusted Zone: allstatehelp.com
Trusted Zone: Deerbrook.com
Trusted Zone: Deerbrook.com\interlink
Trusted Zone: encompassinsurance.com
Trusted Zone: encompassinsurance.com\billing
Trusted Zone: encompassinsurance.com\forms
Trusted Zone: encompassinsurance.com\iabi
Trusted Zone: encompassinsurance.com\infoview
Trusted Zone: encompassinsurance.com\interlink
Trusted Zone: encompassinsurance.com\motorclub
Trusted Zone: encompassinsurance.com\policy
Trusted Zone: gotoassist.com
Trusted Zone: interlinkhelp.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
DPF: {16A017B9-6CB4-47C7-8E81-6E9396FAC2B6} - hxxp://tfsecurity/NSIDVRCtrlX.ocx
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} - hxxps://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
DPF: {C11F5ACE-2471-49CE-BA64-B3A66D12C846} - hxxps://tfserver.monroe.tfins.com/RSC/invitation.aspx?getActiveX=1
DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} - hxxps://www.childrenview.net/rooms/smallworld/OCXChecker_6110.cab
DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
FF - ProfilePath - c:\documents and settings\clintn.MONROE\Application Data\Mozilla\Firefox\Profiles\489azkwm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,b6,55,e2,61,fd,3d,4d,bc,bb,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,b6,55,e2,61,fd,3d,4d,bc,bb,01,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4312)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
.
**************************************************************************
.
Completion time: 2010-08-30 13:40:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 18:40
ComboFix2.txt 2010-08-30 17:10
ComboFix3.txt 2010-08-30 16:06
ComboFix4.txt 2010-07-07 21:27

Pre-Run: 82,713,210,880 bytes free
Post-Run: 86,016,405,504 bytes free

- - End Of File - - AB723124EFAEC477F98E89D566CAE974


#15 mpascal


Posted 30 August 2010 - 01:52 PM

Hi there,

Close any open browsers so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
RenV::
c:\program files\CCleaner\ccleaner .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Installshield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager .exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Lenovo\Client Security Solution\cssauth .exe
c:\program files\Lenovo\HOTKEY\TPOSDSVC .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\RDS\RMClient\JobHisInit .exe
c:\program files\RDS\RMClient\MplSetUp .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\ThinkVantage\PrdCtr\LPMGR .exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK .exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe.


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.
